knowledge-catalog-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: All scripts in the scripts/ directory (lookup_context.js, lookup_entry.js, search_aspect_types.js, and search_entries.js) utilize the child_process.spawn method to execute shell commands via the npx utility.
  • [EXTERNAL_DOWNLOADS]: The scripts invoke npx --yes @toolbox-sdk/server@1.1.0 to dynamically download and run the @toolbox-sdk/server package from the public npm registry during execution.
  • [DATA_EXPOSURE]: The mergeEnvVars function implemented in each script reads and parses environment variables from a .env file located at ../../../.env relative to the script's directory. This is used to automatically load necessary configuration or credentials into the environment for service authentication.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 05:18 AM