faiss
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The LangChain integration snippet in
SKILL.mdutilizes theallow_dangerous_deserialization=Trueparameter. This setting bypasses security validations during the loading of FAISS indices, which often contain pickled Python objects. If an agent loads an index provided by an attacker, this can lead to arbitrary code execution on the host machine.\n- [EXTERNAL_DOWNLOADS]: The skill documentation listsfaiss-cpu,faiss-gpu, andnumpyas dependencies for installation viapip. These are well-established libraries from the official Python Package Index and are maintained by Meta AI, which is a well-known and trusted organization.\n- [COMMAND_EXECUTION]: The skill provides various Python scripts for creating, training, and searching vector indices. These operations are standard for vector search tasks and do not involve any malicious system-level commands or unauthorized data access.
Audit Metadata