gangtise-copilot

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads 19 external skills bundled in 4 ZIP archives from a remote Huawei Cloud OBS bucket and fetches its own components from GitHub via API calls.
  • [REMOTE_CODE_EXECUTION]: The installation process involves unzipping and symlinking executable Python and shell scripts obtained from remote servers, which are integrated into the agent's environment for runtime execution.
  • [COMMAND_EXECUTION]: The skill requires the execution of multiple local shell scripts that perform systemic changes, including file system modifications and active network verification calls to open.gangtise.com.
  • [CREDENTIALS_UNSAFE]: The configuration script handles accessKey and secretAccessKey credentials, storing them in plaintext within local JSON files (~/.config/gangtise/authorization.json) and creating symlinks across various skill directories, which increases the credential exposure surface.
  • [PROMPT_INJECTION]: The skill installs components that ingest untrusted data from web searches and internal knowledge bases, creating an indirect prompt injection surface.
  • Ingestion points: External data enters through scripts like scripts/kb.py and scripts/web.py within the installed skill suite.
  • Boundary markers: No explicit boundary markers are used at the wrapper level to separate retrieved data from agent instructions.
  • Capability inventory: The suite of skills has the ability to perform network requests, file writes, and process data into research reports.
  • Sanitization: The wrapper does not implement sanitization or validation logic for the content retrieved from external sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 11:36 PM
Security Audit — agent-trust-hub — gangtise-copilot