tiangong-kb-report-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @tiangong-ai/cli package from the NPM registry at runtime using npx. This is the official command-line interface provided by the vendor 'tiangong-ai'.
  • [COMMAND_EXECUTION]: The wrapper script executes the CLI tool along with jq for input processing. It supports loading authentication credentials from a .env file or a path specified in the env_file parameter, following standard practices for secret management in developer-oriented tools. The script uses proper quoting and shell arrays when constructing commands to ensure parameters are handled safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-report-search