agents-llamaindex
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing standard Python packages from PyPI (e.g.,
llama-index,llama-index-core). It also documents data connectors for well-known services like GitHub and various web readers, which is standard functionality for this framework. - [COMMAND_EXECUTION]: The documentation includes bash commands for library installation using
pip. These are informational and intended for environment setup. - [DATA_EXFILTRATION]: While the skill demonstrates connecting to databases and external APIs, all examples use benign placeholders for sensitive information (e.g.,
user:pass,your-key,integration_token="your-token"). No code attempts to harvest or exfiltrate local user data. - [INDIRECT_PROMPT_INJECTION]: As a framework for processing external data (PDFs, web pages, etc.), applications built with these tools have a surface for indirect prompt injection. The skill documents the use of boundary markers and prompt templates as a way to structure context for the LLM, which aligns with security best practices.
Audit Metadata