agentic-rag-for-dummies

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the installation script for Ollama from its official domain (ollama.com).
  • [REMOTE_CODE_EXECUTION]: The installation process for the local model provider involves piping a remote shell script from ollama.com directly into the shell (sh). This is a standard but high-privilege installation method for this service.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface because it ingests and processes external PDF files to provide context for the AI agent. If these documents contain malicious instructions, they could influence the agent's behavior during the retrieval process.
  • Ingestion points: Local PDF files in the docs/ directory are converted to markdown and indexed into a vector database for retrieval.
  • Boundary markers: The AGENT_PROMPT used for retrieval does not utilize explicit delimiters or XML tags to clearly separate the retrieved document context from the agent's instructions.
  • Capability inventory: The skill utilizes file system operations for storing parent/child chunks (parent_store/) and managing the vector database (qdrant_db/), and it can perform network requests through various LLM provider APIs.
  • Sanitization: There is no evidence of sanitization or filtering of the content extracted from the documents before it is presented to the model.
Recommendations
  • HIGH: Downloads and executes remote code from https://ollama.com/install.sh. DO NOT USE without thorough review.
Audit Metadata
Risk Level: HIGH
Analyzed: May 18, 2026, 08:09 PM
Security Audit — agent-trust-hub — agentic-rag-for-dummies