chroma

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and retrieval of untrusted external content (documents) as part of its core functionality, creating an indirect prompt injection surface.
  • Ingestion points: The collection.add() and collection.query() methods in SKILL.md are used to process document strings and query text which may originate from untrusted sources.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the provided code snippets to isolate user-provided data.
  • Capability inventory: The skill enables semantic search and document retrieval; while it does not include direct execution capabilities, retrieved content influences the agent's reasoning path.
  • Sanitization: The instructions do not define sanitization or validation logic for the content being added to or queried from the vector store.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions to install dependencies from official registries.
  • Evidence: pip install chromadb and npm install chromadb are standard commands for fetching libraries from PyPI and npmjs.com.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — chroma