tiangong-kb-ingest

Warn

Audited by Socket on May 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill’s stated purpose is coherent: upload local documents to a knowledge base and report CLI/backend status without touching direct backend secrets. However, its core trust boundary is weak because execution and credential handling are delegated to a `tiangong-ai` CLI and local wrapper script that are not verifiably documented from the provided evidence. That makes this better classified as suspicious/high-risk rather than benign, driven by unverifiable dependency and credential-forwarding concerns, not by clear malicious behavior.

Confidence: 82%Severity: 84%
Audit Metadata
Analyzed At
May 17, 2026, 06:57 AM
Package URL
pkg:socket/skills-sh/tiangong-ai%2Fskills%2Ftiangong-kb-ingest%2F@135b4cd65ba1e62f4dae8d5ff6d5466c75717da7
Security Audit — socket — tiangong-kb-ingest