tiangong-kb-ingest
Warn
Audited by Socket on May 17, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill’s stated purpose is coherent: upload local documents to a knowledge base and report CLI/backend status without touching direct backend secrets. However, its core trust boundary is weak because execution and credential handling are delegated to a `tiangong-ai` CLI and local wrapper script that are not verifiably documented from the provided evidence. That makes this better classified as suspicious/high-risk rather than benign, driven by unverifiable dependency and credential-forwarding concerns, not by clear malicious behavior.
Confidence: 82%Severity: 84%
Audit Metadata