blink-rag
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill implements functionality to fetch and process content from external URLs via `blink.data.extractFromUrl` and the `url` parameter in the upload method. This is a standard feature for knowledge base ingestion.
- [DATA_EXFILTRATION]: The skill is designed to upload local files and extracted text to the vendor's storage and RAG collections (`blink.storage.upload`, `blink.rag.upload`). This data movement is the primary intended purpose of the skill for building a searchable knowledge base.
- [COMMAND_EXECUTION]: The skill utilizes a vendor-specific CLI tool (`blink rag`) to perform searches, uploads, and collection management on the host system.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8). Malicious instructions could be embedded in documents uploaded or fetched from URLs, which are then processed by the `blink_rag_aiSearch` tool using an LLM.
  - Ingestion points: `blink.rag.upload` (local files/base64), `blink.data.extractFromUrl` (external web content).
  - Boundary markers: None identified in the provided instructions to isolate search results from the system prompt.
  - Capability inventory: Uses `google/gemini-3-flash` (via `blink_rag_aiSearch`) to generate responses based on retrieved data.
  - Sanitization: No explicit sanitization or instruction filtering is documented for processed text.
Audit Metadata