skills/skill-zero/s/ai-rag-pipeline/Gen Agent Trust Hub

ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI via Bash to orchestrate RAG pipelines, including logging in and running various applications. This is the primary intended functionality of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches content from external web sources and interpolates this untrusted data into LLM prompts.
  • Ingestion points: Untrusted data enters the agent context via search and extraction tools such as tavily/search-assistant, exa/search, and tavily/extract (SKILL.md).
  • Boundary markers: The skill uses simple text labels like 'Search Results:', 'Source 1 (Tavily):', and '== Overview ==' as delimiters, which may not be robust against sophisticated adversarial instructions hidden in retrieved data.
  • Capability inventory: The skill possesses the capability to execute shell commands (Bash(infsh *)) and interact with external search and LLM APIs.
  • Sanitization: The provided examples do not demonstrate sanitization or escaping of the retrieved content before it is processed by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 10:13 PM
Security Audit — agent-trust-hub — ai-rag-pipeline