similarity-search-patterns
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Potential SQL Injection vulnerability in the `PgVectorStore.search` method.
  - Evidence: `conditions.append(f"metadata->>'{key}' = ${len(params)}")` in `SKILL.md`.
  - Description: The implementation uses f-string interpolation for database keys within metadata filters. If the keys in the `filter_metadata` dictionary are derived from untrusted user input, an attacker could manipulate the SQL query structure to bypass access controls or extract sensitive data.
- [EXTERNAL_DOWNLOADS]: Fetches pre-trained machine learning models from HuggingFace Hub.
  - Evidence: `model = CrossEncoder('cross-encoder/ms-marco-MiniLM-L-6-v2')` in `SKILL.md`.
  - Description: The Pinecone template includes a reranking method that automatically downloads and loads a cross-encoder model from a well-known external repository at runtime.
- [INDIRECT_PROMPT_INJECTION]: The skill manages the lifecycle of external data used for Retrieval Augmented Generation (RAG), which presents a surface for indirect prompt injection.
  - Ingestion points: `upsert` methods in Pinecone, Qdrant, pgvector, and Weaviate templates.
  - Boundary markers: None present in the database interaction templates.
  - Capability inventory: Database read/write operations and vector similarity searches.
  - Sanitization: While values are correctly parameterized in the SQL template, the metadata keys are unsanitized, creating a vulnerability surface.