tiangong-kb-textbook-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official vendor CLI package @tiangong-ai/cli from the NPM registry using npx at runtime. This resource is provided by the skill's author and is necessary for its core functionality.
  • [COMMAND_EXECUTION]: The wrapper script textbook_search.sh executes the CLI tool to perform searches. It parses user input with jq and uses Bash arrays for command construction, effectively preventing shell command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill processes untrusted data from user queries and external files, presenting a potential indirect prompt injection surface.
  • Ingestion points: User-provided search strings (query) and JSON configuration files (input_file) are loaded into the script's execution context.
  • Boundary markers: No explicit delimiters are used to wrap query strings in the command execution, but input is treated as a single argument.
  • Capability inventory: The script can execute subprocesses via the Tiangong AI CLI and read local configuration files.
  • Sanitization: Input is validated as valid JSON using jq, and the use of Bash arrays for argument passing prevents the execution of arbitrary shell commands through input strings.
  • [DATA_EXFILTRATION]: The skill includes logic to load .env files for configuration. This behavior is restricted to the directory of the provided input file and is used for standard credential management, with logic to mask credentials in dry-run mode.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-textbook-search