llama-index
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines architectural patterns for building RAG (Retrieval-Augmented Generation) pipelines and autonomous agents that process external, untrusted data. This configuration inherently introduces a risk of indirect prompt injection.
  - Ingestion points: Document loaders like SimpleDirectoryReader (loading from ./data) and CustomDataReader (fetching from api://endpoint) in SKILL.md represent entry points for untrusted data.
  - Boundary markers: The provided patterns do not implement boundary delimiters or 'ignore' instructions to prevent the model from obeying instructions embedded in the retrieved data.
  - Capability inventory: The skill demonstrates using ReActAgent and FunctionCallingAgent in SKILL.md with tools for calculations and searching, which could be abused if an indirect injection successfully overrides the agent's system prompt.
  - Sanitization: No examples or requirements for sanitizing or validating ingested data are included in the guide.
- [SAFE]: All external downloads and references target well-known and trusted official repositories for the LlamaIndex framework and established vector database providers.
Audit Metadata