rag-retrieval
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for processing external, untrusted data (documents and web results) that may contain adversarial instructions.
- Ingestion points: Data enters the agent's context through document retrieval (scripts/rag-pipeline-template.ts) and web search fallback (scripts/scripts/crag-workflow.py).
- Boundary markers: The templates include defensive system prompts such as "Answer using ONLY the provided context" and "If not in context, say 'I don't have that information'" (e.g., rules/core-basic-rag.md).
- Capability inventory: The skill uses tools like WebFetch, WebSearch, and Read to interact with external data sources and local files.
- Sanitization: No specialized filtering or sanitization of retrieved text content is performed before it is interpolated into the prompt.
- [EXTERNAL_DOWNLOADS]: The provided code templates and rules reference numerous external libraries.
- Evidence: References to pinecone, langchain, tavily-python, anthropic, openai, transformers, and torch are present throughout the scripts/ and rules/ directories.
- Assessment: These are standard, well-known dependencies for RAG and LLM applications.
Audit Metadata