modular-rag-mcp-server

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Clones the project repository from https://github.com/jerry-ai-dev/MODULAR-RAG-MCP-SERVER.git via git clone. This is the primary source for the system being deployed.
  • [COMMAND_EXECUTION]: Executes standard commands for environment setup, dependency installation (pip install), and running the Streamlit dashboard and MCP server. These are necessary for the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: Recommends the use of .env files for managing API keys for providers such as OpenAI and Anthropic, which is consistent with secure local development practices.
  • [PROMPT_INJECTION]: Indirect risk surface
      • Ingestion points: Ingests external PDF documents via the IngestionPipeline for processing into the knowledge base (SKILL.md).
      • Boundary markers: No explicit instructions are provided to the agent to ignore or delimit potentially malicious instructions within processed documents.
      • Capability inventory: The skill includes file system access for document ingestion and network operations for interacting with AI provider APIs (SKILL.md).
      • Sanitization: Content sanitization or filtering is not explicitly mentioned in the skill's setup instructions, which is common for general-purpose RAG templates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 01:34 PM