chroma
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion and retrieval of untrusted external content (documents) as part of its core functionality, creating an indirect prompt injection surface.
- Ingestion points: The
collection.add()andcollection.query()methods inSKILL.mdare used to process document strings and query text which may originate from untrusted sources. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the provided code snippets to isolate user-provided data.
- Capability inventory: The skill enables semantic search and document retrieval; while it does not include direct execution capabilities, retrieved content influences the agent's reasoning path.
- Sanitization: The instructions do not define sanitization or validation logic for the content being added to or queried from the vector store.
- [EXTERNAL_DOWNLOADS]: The documentation includes instructions to install dependencies from official registries.
- Evidence:
pip install chromadbandnpm install chromadbare standard commands for fetching libraries from PyPI and npmjs.com.
Audit Metadata