reranking-patterns

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection vulnerability identified in the llm_rerank implementation.
    • Ingestion points: Untrusted data enters the agent context through the query and documents parameters (specifically doc['content']) in the llm_rerank function.
    • Boundary markers: Absent. The function uses simple f-string interpolation (f"Query: {query}\n\nDocuments:\n{docs_text}") without robust delimiters (like XML tags) or instructions to ignore embedded commands.
    • Capability inventory: The skill uses an LLM (OpenAI) to generate relevance scores. These scores directly determine which documents are prioritized in the agent's context window, influencing all downstream reasoning and responses.
    • Sanitization: Absent. There is no escaping or filtering of external content before it is interpolated into the prompt.
  • [EXTERNAL_DOWNLOADS] (LOW): Automatic runtime download of pre-trained model weights.
    • Evidence: The CrossEncoderReranker class instantiates CrossEncoder("cross-encoder/ms-marco-MiniLM-L-6-v2"), which triggers a download from HuggingFace.
    • Trust Status: HuggingFace is a trusted organization, so the severity is downgraded to LOW per the [TRUST-SCOPE-RULE].
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 01:25 AM