chroma

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because its primary function is Retrieval-Augmented Generation (RAG).
    • Ingestion points: Untrusted data enters the system via the collection.add(documents=...) function in SKILL.md.
    • Boundary markers: No markers are implemented to help the agent distinguish between stored data and embedded instructions.
    • Capability inventory: The skill has file-system write access via chromadb.PersistentClient and network access via chromadb.HttpClient.
    • Sanitization: There is no evidence of data sanitization or input validation for ingested documents.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of external dependencies including chromadb, sentence-transformers, langchain-chroma, and llama-index packages from public registries. These sources are not on the pre-approved trusted provider list.
  • [DATA_EXFILTRATION] (LOW): The skill implements network operations through chromadb.HttpClient. Although the examples target localhost (a whitelisted domain), the inherent capability to perform network requests while handling external data is a security consideration.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:21 AM