api-vector-db-weaviate

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection within its generative search (RAG) examples. Malicious content stored in the vector database could influence the LLM if interpolated into prompts without sanitization or boundary markers.
  • Ingestion points: Data properties (e.g., {title}, {body}) retrieved from Weaviate collections in SKILL.md and examples/search.md (Pattern 8).
  • Boundary markers: Absent; the examples use direct interpolation (e.g., `Summarize this article: {title} {body}`) without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill enables full database CRUD operations and generative LLM interactions via the weaviate-client (v3).
  • Sanitization: The provided patterns do not demonstrate input validation or sanitization for retrieved data before it is sent to the generative model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 01:31 AM