tiangong-kb-edu-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the official vendor tool, @tiangong-ai/cli, from the NPM registry using npx at runtime.
- [COMMAND_EXECUTION]: Runs search commands through the Tiangong AI CLI. The script correctly uses shell arrays to handle arguments, which prevents shell injection and ensures that user-provided input is treated as data rather than executable code.
- [DATA_EXFILTRATION]: Accesses environment variables and local .env files to retrieve configuration and API keys required for authentication with the Tiangong AI service.
Audit Metadata