ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references installation scripts and additional skills hosted on the vendor's official GitHub repository and website.
  • Evidence: 'https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md' and various 'inference-sh/skills@...' packages via npx.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell scripts to orchestrate data flow between search tools and LLM models via the 'belt' CLI.
  • Evidence: Multiple examples in 'SKILL.md' use 'belt app run' within Bash scripts to process data.
  • [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a pattern where external, untrusted content from web searches is interpolated directly into LLM prompts. This creates an attack surface where malicious content on a web page could attempt to influence the agent's behavior.
  • Ingestion points: External data is fetched into variables like 'SEARCH_RESULT', 'TAVILY', 'EXA', and 'CONTENT' within 'SKILL.md'.
  • Boundary markers: The templates use text labels (e.g., 'Search Results:', 'Source 1 (Tavily):') to delimit data, but do not include explicit instructions for the LLM to ignore embedded commands within that data.
  • Capability inventory: The skill utilizes the 'Bash(belt *)' tool to perform network requests and invoke large language models.
  • Sanitization: No evidence of sanitization or escaping of the search results is present before they are interpolated into the prompt strings or JSON payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:30 PM
Security Audit — agent-trust-hub — ai-rag-pipeline