mixedbread-search

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted external data (uploaded files and search results) which is then used to generate answers or guide further retrieval steps.
      • Ingestion points: File uploads via mxbai.stores.files.upload (e.g., guide.pdf, faq.md in SKILL.md) and search results retrieved through mxbai.stores.search and mxbai.stores.question_answering.
      • Boundary markers: The provided instructions do not specify the use of delimiters or explicit warnings to the agent to ignore instructions embedded within the processed external data.
      • Capability inventory: The skill uses the Mixedbread SDK to perform network operations and multi-step retrieval through its API.
      • Sanitization: No sanitization or validation of the content within the uploaded documents or retrieved search chunks is described.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the installation of external software packages required for operation.
      • Python: mixedbread package.
      • Node.js: @mixedbread/sdk package.
      • These are the official SDKs associated with the skill author.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:16 PM