ai-rag-pipeline
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and examples utilize the
beltcommand-line interface to orchestrate research tasks and LLM inferences.\n- [EXTERNAL_DOWNLOADS]: The documentation references installation scripts and tool configurations hosted on theinference-shGitHub repository.\n- [PROMPT_INJECTION]: The skill design includes a surface for indirect prompt injection by retrieving untrusted content from the web and interpolating it into LLM prompts.\n - Ingestion points: Data from web searches and extracted URL content (e.g., using Tavily and Exa) are passed into variables like
$SEARCH_RESULTand$CONTENTfor inclusion in prompts.\n - Boundary markers: Basic text labels (e.g., "Search Results:") are used to demarcate external data, but robust delimiters or instructions to ignore embedded commands are not implemented in the examples.\n
- Capability inventory: The agent is equipped with the
belttool, enabling it to perform automated research and content retrieval.\n - Sanitization: No sanitization, validation, or escaping of retrieved web content is performed before it is presented to the language model.
Audit Metadata