ai-searching-docs

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The implementation of PgvectorRetriever in SKILL.md uses an f-string to interpolate the table name directly into a raw SQL query (SELECT content FROM {self.table} ...). This pattern is vulnerable to SQL injection if the table name is derived from untrusted user input.
  • [PROMPT_INJECTION]: The skill facilitates the creation of Retrieval-Augmented Generation (RAG) pipelines, which are inherently vulnerable to Indirect Prompt Injection.
    • Ingestion points: WebBaseLoader, PyPDFLoader, DirectoryLoader, CSVLoader, and JSONLoader are used to pull content from external or user-provided files and web pages.
    • Boundary markers: The AnswerFromDocs and AnswerWithCitations signatures do not employ explicit delimiters (such as XML tags or markdown blocks) or instructions to ignore embedded commands within the retrieved context.
    • Capability inventory: The system is designed to execute Python scripts for retrieval and generation, performing network requests to vector database providers and LLM APIs.
    • Sanitization: No explicit sanitization or filtering of retrieved document content is shown before it is interpolated into the prompt.
  • [EXTERNAL_DOWNLOADS]: The skill code in examples.md references a public ColBERTv2 endpoint hosted on an Azure IP (http://20.102.90.50:2017/wiki17_abstracts). While this is a known public service used in official DSPy tutorials, it constitutes an external network dependency.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 13, 2026, 06:45 PM
Security Audit — agent-trust-hub — ai-searching-docs