tiangong-kb-ingest

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/run_kb_ingest.mjs utility executes the tiangong-ai command or a user-defined binary path. It calls spawnSync with the shell: false option, so arguments are passed to the process directly rather than through a shell. This significantly reduces the risk of command injection, because special characters in user-provided file paths or arguments are not interpreted.
  • [DATA_EXFILTRATION]: The skill is designed to read local data and transmit it to https://thuenv.tiangong.world:7300 for ingestion. While this pattern involves the external transfer of local information, the destination domain is managed by the skill's author (tiangong-ai), and the operation is necessary for the skill's primary function as a knowledge base ingestion tool.
  • [PROMPT_INJECTION]: By processing local files and interpreting API responses, the skill presents an indirect prompt injection surface. Instructions in SKILL.md mitigate this by establishing a clear 'Safety Boundary' that forbids the agent from handling sensitive backend credentials or performing direct database queries. The evidence chain includes ingestion via CLI arguments, boundary instructions in the markdown, capability to execute subprocesses, and the use of non-shell spawning for sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 06:29 PM