tiangong-kb-edu-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the official vendor tool, @tiangong-ai/cli, from the NPM registry using npx at runtime.
  • [COMMAND_EXECUTION]: Runs search commands through the Tiangong AI CLI. The script correctly uses shell arrays to handle arguments, which prevents shell injection and ensures that user-provided input is treated as data rather than executable code.
  • [DATA_EXFILTRATION]: Accesses environment variables and local .env files to retrieve configuration and API keys required for authentication with the Tiangong AI service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-edu-search