skills/etalab-ia/dragster/rag-search/Gen Agent Trust Hub

rag-search

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party Node.js package @tobilu/qmd from a public registry. This introduces a supply chain dependency on a repository not associated with the skill's primary author.
  • [COMMAND_EXECUTION]: The instructions describe executing shell commands where user input is directly interpolated (e.g., qmd query "<query>"). This pattern is susceptible to command injection if the agent does not properly escape the query string, allowing an attacker to execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves and processes untrusted data from a knowledge base corpus.
      • Ingestion points: Document excerpts from the output of the qmd query command, processed in SKILL.md.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions embedded within the retrieved document content.
      • Capability inventory: The skill uses the Bash tool and interacts with the local file system via the qmd CLI tool.
      • Sanitization: Absent. The skill does not describe any validation or sanitization steps for the data retrieved from the knowledge base before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 01:55 PM