gongsijiga-search

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the node -e command to execute JavaScript snippets that invoke the gongsijiga-search package functionality.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the gongsijiga-search package from the npm registry.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where user-provided address strings are interpolated into a shell command string.
      • Ingestion points: User input for target addresses in SKILL.md.
      • Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the address string.
      • Capability inventory: The skill can execute shell commands via Node.js and perform network requests.
      • Sanitization: Absent; the instructions do not specify any validation or escaping of the user-provided address before interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 08:31 AM
Security Audit — agent-trust-hub — gongsijiga-search