Is ehudsn/orchata safe?

https://github.com/openclaw/skills/tree/main/skills/ehudsn/orchata

Overall score: 91 / 100
Verdict: SAFE

The ehudsn/orchata skill is a documentation-only integration for the Orchata RAG platform: it contains only SKILL.md and _meta.json, with no executable code, no prompt-injection content, no git hooks, and no credential-harvesting instructions. Install behavior was limited to a standard GitHub sparse-checkout clone, with no unexpected network connections and no canary file access attributable to the skill. The primary risk is inherent to the skill's purpose: any content the agent passes to save_document or update_document leaves the local environment and is stored in Orchata's cloud, which users should factor into their data-handling posture.

Category Scores (score · weight)

Prompt Injection 95/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

LOW Cloud data egress via save_document / update_document -22

The skill's core functionality is transmitting document content to Orchata's external cloud service through the save_document and update_document MCP tools. Any text the agent uploads in response to a user request leaves the local environment and is stored on Orchata's infrastructure. This is the designed behavior of a RAG SaaS integration, but it is an inherent data-egress surface: anything the agent can read (local files, pasted secrets, other tool output) can end up in the remote store if it is handed to these tools, so users should decide what content is acceptable to upload before letting the agent use them.

INFO Cross-space wildcard document retrieval 0

The get_document tool accepts spaceId='*' to search all spaces at once. If the agent is asked to retrieve a file by name without being told its space, it will query the entire organization's document corpus rather than a single space. This is a wide API scope but consistent with the stated intent; pinning spaceId to a known space where possible keeps lookups narrow.

INFO Orchata API responses re-enter agent context -5

When the agent calls query_spaces or get_tree_node, the returned document content (whatever is stored in Orchata, by whoever put it there) flows back into the agent context. Anyone who can write into a space the agent queries could place text that attempts indirect prompt injection via query results. This is a property of all RAG integrations rather than something specific to this skill, but retrieved content should be treated as data, not as instructions.

LOW Irreversible destructive operations exposed -15

The skill documents manage_space with action='delete' and delete_document as available tools. Both are permanent operations, and the skill gives the agent no instruction to confirm with the user before deleting, so a misrouted or confused agent action could permanently remove documents or an entire knowledge space.
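The three tool-side findings above (cloud egress through save_document and update_document, the spaceId='*' wildcard on get_document, and the unconfirmed delete operations) can all be handled at the same point: a policy gate that sits between the agent and the MCP tool dispatcher. The following is an added example written for this review; it is not code from the skill, from Orchata, or from the scanner. The tool names are the ones the report lists. Only the argument names action and spaceId appear in the report; content, documentId and name are assumed names used for illustration, and the secret patterns are deliberately simple heuristics.

```python
import re
from dataclasses import dataclass
from typing import Any

# Tool names as listed in the report. The argument names "action" and
# "spaceId" also appear there; every other argument name below is assumed.
DESTRUCTIVE_TOOLS = {"delete_document"}
EGRESS_TOOLS = {"save_document", "update_document"}

# Heuristic patterns for material that must not leave the machine. These are
# illustrative, not exhaustive; a real deployment would use a secrets scanner.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "key_value_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*\S+"
    ),
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def is_destructive(tool: str, args: dict) -> bool:
    """delete_document is always destructive; manage_space only with action='delete'."""
    if tool in DESTRUCTIVE_TOOLS:
        return True
    return tool == "manage_space" and args.get("action") == "delete"


def _strings(value: Any):
    """Yield every string nested anywhere in the argument structure, so the
    scan does not depend on knowing which parameter carries the document body."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _strings(v)


def find_secrets(args: dict) -> list[str]:
    """Names of the secret patterns that match anywhere in the tool arguments."""
    return sorted(
        {name for s in _strings(args) for name, pat in SECRET_PATTERNS.items() if pat.search(s)}
    )


def gate(tool: str, args: dict, *, confirmed: bool = False, allow_wildcard: bool = False) -> Decision:
    """Decide whether a tool call may proceed. `confirmed` means the user has
    explicitly approved this exact deletion; `allow_wildcard` opts in to
    organization-wide lookups."""
    if is_destructive(tool, args) and not confirmed:
        return Decision(False, f"{tool} is irreversible; explicit user confirmation required")
    if tool in EGRESS_TOOLS:
        hits = find_secrets(args)
        if hits:
            return Decision(False, "refusing to send secret-like content to Orchata: " + ", ".join(hits))
    if tool == "get_document" and args.get("spaceId") == "*" and not allow_wildcard:
        return Decision(False, "spaceId='*' searches every space in the organization; pin a space or opt in")
    return Decision(True, "ok")


def guarded_call(tool: str, args: dict, backend, **policy):
    """Run backend(tool, args) only if the gate allows it; otherwise return the refusal
    so the agent sees why the call was blocked instead of a silent failure."""
    decision = gate(tool, args, **policy)
    if not decision.allowed:
        return {"error": decision.reason}
    return backend(tool, args)


if __name__ == "__main__":
    # Stand-in for the real MCP dispatcher.
    fake_backend = lambda tool, args: {"ok": True, "tool": tool}
    print(guarded_call("delete_document", {"documentId": "doc-1"}, fake_backend))
    # AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation.
    print(guarded_call("save_document", {"spaceId": "s1", "content": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"}, fake_backend))
    print(guarded_call("get_document", {"spaceId": "*", "name": "policy.md"}, fake_backend))
    print(guarded_call("query_spaces", {"spaceId": "s1", "query": "onboarding"}, fake_backend))
```

The gate scans every string in the call, not just one named field, so it keeps working if the skill's parameter names differ from the assumed ones. The confirmation flag should be set only by the user-facing layer after showing the exact target of the deletion, never by the agent itself.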

INFO Canary file reads by monitoring infrastructure 0

The auditd log records reads of all six honeypot files (.env, id_rsa, .aws/credentials, .npmrc, the docker config, and the gcloud credentials) at timestamp 1771924297, roughly 5 seconds before the git clone of the skill begins, and a second batch of reads at 1771924320 after the install completes. Both batches are attributed to the OATHE monitoring framework capturing a baseline and then verifying canary integrity, not to anything in the skill, which contains no executable files.
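The attribution above rests on correlating the canary reads with the install window and with the process that performed them. The following is an added example of that correlation written for this review; it is not the OATHE framework's code. The auditd lines are constructed to mirror the report's timeline (baseline batch at 1771924297, final batch at 1771924320); the canary paths, the monitor's process name ("monitor"), and the install window (clone at 1771924302, done by 1771924318) are assumptions, since the report does not give them. The read by "sh" at 1771924310 is a hypothetical event that did not occur in the report, included only to show what an unattributed read looks like.

```python
import re

# Assumed canary paths; the report names the six files but not their full paths.
CANARY_PATHS = (
    "/root/.env",
    "/root/.ssh/id_rsa",
    "/root/.aws/credentials",
    "/root/.npmrc",
    "/root/.docker/config.json",
    "/root/.config/gcloud/credentials.db",
)

REC = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _event(ts, serial, comm, path):
    """Constructed two-record auditd event (SYSCALL + PATH) for one file open."""
    return [
        f'type=SYSCALL msg=audit({ts}.000:{serial}): arch=c000003e syscall=257 '
        f'success=yes exit=3 comm="{comm}" exe="/usr/bin/{comm}" key="canary"',
        f'type=PATH msg=audit({ts}.000:{serial}): item=0 name="{path}" '
        f'inode=1 mode=0100600 nametype=NORMAL',
    ]


def build_sample_log(include_hypothetical):
    """Constructed log: monitor baseline batch at 1771924297, monitor final
    batch at 1771924320, and optionally a hypothetical read during the install."""
    lines = []
    for i, p in enumerate(CANARY_PATHS):
        lines += _event(1771924297, 1000 + i, "monitor", p)
    if include_hypothetical:
        lines += _event(1771924310, 1100, "sh", "/root/.env")  # did NOT occur in the report
    for i, p in enumerate(CANARY_PATHS):
        lines += _event(1771924320, 1200 + i, "monitor", p)
    return lines


def parse_events(lines):
    """Group SYSCALL and PATH records that share an audit serial into one event."""
    events = {}
    for line in lines:
        m = REC.match(line)
        if not m:
            continue
        rtype, ts, serial, rest = m.groups()
        ev = events.setdefault(serial, {"ts": int(ts), "comm": None, "paths": []})
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        if rtype == "SYSCALL":
            ev["comm"] = fields.get("comm")
        elif rtype == "PATH" and "name" in fields:
            ev["paths"].append(fields["name"])
    return list(events.values())


def attribute_reads(lines, clone_start, install_end, monitor_comm="monitor"):
    """Bucket canary reads: monitor reads before the clone are the baseline,
    monitor reads after the install are the final check, and anything else
    (wrong process, or any read inside the install window) is unattributed."""
    buckets = {"baseline": [], "final": [], "unattributed": []}
    for ev in parse_events(lines):
        hits = [p for p in ev["paths"] if p in CANARY_PATHS]
        if not hits:
            continue
        entry = (ev["ts"], ev["comm"], hits[0])
        if ev["comm"] == monitor_comm and ev["ts"] < clone_start:
            buckets["baseline"].append(entry)
        elif ev["comm"] == monitor_comm and ev["ts"] >= install_end:
            buckets["final"].append(entry)
        else:
            buckets["unattributed"].append(entry)
    return buckets


def canary_clean(buckets):
    """True when every canary read is accounted for by the monitor outside the window."""
    return not buckets["unattributed"]


if __name__ == "__main__":
    # Assumed window: clone roughly 5 s after the baseline batch, finished before the final batch.
    b = attribute_reads(build_sample_log(True), clone_start=1771924302, install_end=1771924318)
    print({k: len(v) for k, v in b.items()}, "clean:", canary_clean(b))
```

A read lands in the unattributed bucket if either the process or the timing is wrong, so a skill-spawned process reading a canary during install is flagged even if it shares a name with the monitor's timing pattern. Checking read access alone does not prove integrity; the final batch would also compare each canary's contents against the baseline.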