together-embeddings

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses the official together Python SDK and together-ai Node.js package to interact with Together AI's well-known API endpoints.
  • [SAFE]: Sensitive credentials like API keys are managed through environment variables (TOGETHER_API_KEY), which is a standard security best practice.
  • [PROMPT_INJECTION]: The skill implements a Retrieval-Augmented Generation (RAG) pipeline, which is a common surface for indirect prompt injection attacks where malicious content in indexed documents could influence the agent's behavior.
      • Ingestion points: The VectorStore.add method in scripts/rag_pipeline.py accepts external text data to be indexed.
      • Boundary markers: The system prompt in rag_query uses a "Context:" label to delimit retrieved information.
      • Capability inventory: The pipeline uses client.chat.completions.create to generate responses based on the context.
      • Sanitization: No explicit sanitization or filtering of the retrieved content is performed before interpolation into the prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 02:10 AM