faiss

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The LangChain integration snippet in SKILL.md utilizes the allow_dangerous_deserialization=True parameter. This setting bypasses security validations during the loading of FAISS indices, which often contain pickled Python objects. If an agent loads an index provided by an attacker, this can lead to arbitrary code execution on the host machine.\n- [EXTERNAL_DOWNLOADS]: The skill documentation lists faiss-cpu, faiss-gpu, and numpy as dependencies for installation via pip. These are well-established libraries from the official Python Package Index and are maintained by Meta AI, which is a well-known and trusted organization.\n- [COMMAND_EXECUTION]: The skill provides various Python scripts for creating, training, and searching vector indices. These operations are standard for vector search tasks and do not involve any malicious system-level commands or unauthorized data access.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — faiss