ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of external data from web searches and URL extraction (via Tavily and Exa) to be used as context for LLM responses. This represents a standard RAG attack surface where malicious content on the web could attempt to influence the agent's behavior.
  • Ingestion points: Examples in SKILL.md demonstrate fetching results into variables like $SEARCH, $CONTENT, and $EVIDENCE which are then interpolated into prompts.
  • Boundary markers: Examples use section headers (e.g., '== Overview =='), but do not employ robust isolation or 'ignore embedded instructions' delimiters.
  • Capability inventory: Interacts with external search and LLM APIs via the belt CLI tool.
  • Sanitization: No explicit validation or filtering of the retrieved content is performed before interpolation.
  • [EXTERNAL_DOWNLOADS]: The skill references installation instructions from the author's official GitHub repository (inference-sh/skills). This is a legitimate vendor resource used for setting up the required environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 07:48 AM
Security Audit — agent-trust-hub — ai-rag-pipeline