tiangong-kb-patent-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto dynamically fetch the@tiangong-ai/clipackage from the official npm registry. This is a vendor-owned resource matching the skill author and is used to provide the core search functionality. - [COMMAND_EXECUTION]: The
patent_search.shscript executes the CLI tool as a subprocess. It correctly uses shell arrays andjqto parse input and build command arguments, which protects against common shell injection vulnerabilities. - [CREDENTIALS_UNSAFE]: The skill manages authentication via API keys and
.envfiles. It follows security best practices by allowing environment variable overrides and implementing a restricted parser for.envfiles that prevents the overwriting of existing system variables or the injection of malicious environment keys. - [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes untrusted user queries and data from external files to perform searches.
- Ingestion points: User-provided search queries (
query,input,claim) and external JSON files (request_file,input_file). - Boundary markers: No explicit instruction delimiters or boundary markers were identified in the script logic.
- Capability inventory: Execution of the search CLI tool and the ability to write search results to an optional output file.
- Sanitization: The script uses
jqto validate and extract structured data and passes parameters as discrete shell arguments to the CLI command.
Audit Metadata