chonkie
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches chunking configurations (recipes) and pre-trained models from the vendor's official repositories on HuggingFace Hub and established model registries.
- [DATA_EXFILTRATION]: Facilitates the transfer of text chunks and embedding vectors to external vector database services (e.g., Qdrant, Pinecone, Chroma) as part of its core document ingestion workflow.
- [COMMAND_EXECUTION]: Provides instructions for running a REST API server via the 'chonkie serve' command to expose chunking functionality over the network.
- [PROMPT_INJECTION]: As a tool designed to process and chunk external documents for RAG systems, it has an inherent surface for indirect prompt injection if the source data contains adversarial instructions. Evidence chain: Ingestion points (fetch_from, run(texts=...)), Boundary markers (absent in examples), Capability inventory (file reads, network database writes), Sanitization (absent in provided code).
Audit Metadata