ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it fetches data from external web search providers (Tavily, Exa) and interpolates this untrusted content directly into LLM prompts.
  • Ingestion points: External data from tavily/search-assistant, exa/search, and tavily/extract are used as context in LLM prompts.
  • Boundary markers: The prompt templates lack explicit delimiters (e.g., XML tags, clear separators) to distinguish between instructions and retrieved data.
  • Capability inventory: The skill performs remote execution of various search and AI applications via the belt app run command.
  • Sanitization: No sanitization or filtering is applied to the search results before they are passed to the language model.
  • [COMMAND_EXECUTION]: The Bash templates in SKILL.md use shell variable interpolation to build JSON arguments for CLI commands. If the content retrieved from search providers contains characters like backticks, double quotes, or dollar signs, it could lead to command injection or JSON parsing failures in the shell environment.
  • [EXTERNAL_DOWNLOADS]: The skill instructions facilitate the download and installation of external tools and dependencies.
  • Dependencies: Recommends installing the belt-sh/cli package via npx.
  • External Resources: Links to an installation guide hosted at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 02:28 AM