tiangong-kb-course-fulltext-fetch
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx @tiangong-ai/cli@latestto fetch and execute the official Tiangong AI CLI tool from the npm registry. This is a vendor-owned resource used for its intended purpose. - [COMMAND_EXECUTION]: It executes a bash script (
scripts/course_fulltext_fetch.sh) that safely constructs and runs the CLI command using array-based argument handling to prevent shell injection. - [DATA_EXFILTRATION]: The skill is designed to retrieve text from a document store and does not exhibit patterns of unauthorized data transmission. It includes a function to load environment variables from a file, which is limited to setting only unset variables and includes basic key validation to prevent unintended side effects.
Audit Metadata