skills/mukul975/anthropic-cybersecurity-skills/testing-prompt-injection-in-rag-pipelines/Gen Agent Trust Hub
testing-prompt-injection-in-rag-pipelines
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The
SKILL.mdandscripts/agent.pyfiles contain prompt injection payloads such as 'ignore previous instructions' and 'output the system prompt'. These are explicitly provided as test cases for security researchers to evaluate the resilience of AI systems. - [COMMAND_EXECUTION]: The skill provides instructions for running security testing tools like NVIDIA garak, Microsoft PyRIT, and Promptfoo via the command line, as well as executing a custom Python testing agent (
agent.py). - [EXTERNAL_DOWNLOADS]: The documentation guides the user to install several third-party security and machine learning packages from official registries (PyPI and NPM), including
garak,pyrit,promptfoo, andsentence-transformers. - [DATA_EXFILTRATION]: The
scripts/agent.pyscript includes functionality to send data (injection payloads) to a user-specified RAG endpoint via HTTP POST. This is a core feature for the tool's intended role in probing remote APIs for vulnerabilities.
Audit Metadata