tiangong-kb-course-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the @tiangong-ai/cli package from the npm registry using npx. This is a standard procedure for using the vendor's official command-line tools.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded npm package at runtime to process search queries. This behavior is confined to the official vendor tool.
  • [COMMAND_EXECUTION]: Runs shell commands to invoke the search CLI via the course_search.sh script. The script allows overriding the CLI entrypoint through environment variables like TIANGONG_AI_CLI for developer flexibility.
  • [DATA_EXFILTRATION]: Accesses .env files located in the directory of provided input files to load configuration and credentials, such as bearer tokens required for the search API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-course-search