tiangong-kb-ingest
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
tiangong-aiCLI through a Node.js wrapper script (run_kb_ingest.mjs). This execution utilizesspawnSyncwithshell: false, a secure implementation that prevents shell command injection by passing arguments directly to the process. - [CREDENTIALS_UNSAFE]: Authentication is managed via an API key (
TIANGONG_AI_API_KEY) transmitted as a Bearer token. The skill includes a robust 'Safety Boundary' inSKILL.mdthat explicitly forbids the agent from requesting or utilizing sensitive infrastructure secrets (such as AWS, Supabase, or database credentials), demonstrating strong adherence to the principle of least privilege. - [EXTERNAL_DOWNLOADS]: The CLI communicates with the vendor's API endpoint at
https://thuenv.tiangong.world:7300. This is the legitimate service domain for the Tiangong Knowledge Base as defined in the skill documentation.
Audit Metadata