baidu-wenku-aippt-personal

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the bdpan CLI installer and skill updates from official Baidu domains (issuecdn.baidupcs.com and pan.baidu.com). These downloads are documented for transparency and do not present a security risk as they originate from the vendor's infrastructure.
  • [REMOTE_CODE_EXECUTION]: Executes downloaded installers and updates. The skill ensures integrity by performing mandatory SHA256 checksum verification against hardcoded values (in install.sh) or values provided by the official configuration API (in update.sh) before execution.
  • [CREDENTIALS_UNSAFE]: Handles authentication via a secure OAuth 2.0 OOB flow. It prevents credential exposure by passing the authorization code through stdin to the CLI tool and includes explicit safety constraints in the SKILL.md file that forbid the AI agent from reading or outputting the contents of the configuration file (~/.config/bdpan/config.json) where tokens are stored.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user queries to determine PPT themes and styles. While this creates an ingestion surface for untrusted data, the risk is low as the data is used for content generation within the scoped bdpan tool and the skill lacks capabilities that would allow for privilege escalation or unauthorized data access based on the query content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 05:53 PM
Security Audit — agent-trust-hub — baidu-wenku-aippt-personal