tiangong-kb-patent-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically fetch the @tiangong-ai/cli package from the official npm registry. This is a vendor-owned resource matching the skill author and is used to provide the core search functionality.
  • [COMMAND_EXECUTION]: The patent_search.sh script executes the CLI tool as a subprocess. It correctly uses shell arrays and jq to parse input and build command arguments, which protects against common shell injection vulnerabilities.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication via API keys and .env files. It follows security best practices by allowing environment variable overrides and implementing a restricted parser for .env files that prevents the overwriting of existing system variables or the injection of malicious environment keys.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes untrusted user queries and data from external files to perform searches.
  • Ingestion points: User-provided search queries (query, input, claim) and external JSON files (request_file, input_file).
  • Boundary markers: No explicit instruction delimiters or boundary markers were identified in the script logic.
  • Capability inventory: Execution of the search CLI tool and the ability to write search results to an optional output file.
  • Sanitization: The script uses jq to validate and extract structured data and passes parameters as discrete shell arguments to the CLI command.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-patent-search