skills/chonkie-inc/skills/chonkie/Gen Agent Trust Hub

chonkie

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches chunking configurations (recipes) and pre-trained models from the vendor's official repositories on HuggingFace Hub and established model registries.
  • [DATA_EXFILTRATION]: Facilitates the transfer of text chunks and embedding vectors to external vector database services (e.g., Qdrant, Pinecone, Chroma) as part of its core document ingestion workflow.
  • [COMMAND_EXECUTION]: Provides instructions for running a REST API server via the 'chonkie serve' command to expose chunking functionality over the network.
  • [PROMPT_INJECTION]: As a tool designed to process and chunk external documents for RAG systems, it has an inherent surface for indirect prompt injection if the source data contains adversarial instructions. Evidence chain: Ingestion points (fetch_from, run(texts=...)), Boundary markers (absent in examples), Capability inventory (file reads, network database writes), Sanitization (absent in provided code).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 06:50 PM
Security Audit — agent-trust-hub — chonkie