Skills
skills/etalab-ia/dragster/rag-index/Gen Agent Trust Hub

rag-index

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @tobilu/qmd package globally via the bun package manager from the public NPM registry.
  • [COMMAND_EXECUTION]: Executes shell commands including qmd, ls, and find using arguments derived from user input, such as directory paths and collection names.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted document content for indexing. Ingestion points: Document directories specified by the user. Boundary markers: None specified to delimit document content from instructions. Capability inventory: Shell command execution via the qmd tool and file system interaction using ls and find. Sanitization: No explicit sanitization or validation of document content or input arguments is mentioned in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 01:55 PM