Skills
skills/tiangong-lca/skills/lifecyclemodel-resulting-process-builder/Gen Agent Trust Hub

lifecyclemodel-resulting-process-builder

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npm exec to download and run the @tiangong-lca/cli package from the official NPM registry. This is a standard procedure for utilizing vendor-provided command-line tools.
  • [COMMAND_EXECUTION]: The execution path involves a Node.js script that delegates operations to the tiangong CLI. This is used for computing model projections and preparing publish artifacts in the local workspace.
  • [DATA_EXFILTRATION]: Remote lookup capabilities are implemented to fetch data from the vendor's API. This functionality uses standard environment variables for the API base URL and credentials and targets the vendor's own official infrastructure.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from lifecycle model JSON files and process catalogs to compute resulting datasets.
  • Ingestion points: External data enters the context via source_model.json_ordered_path and process_sources directory definitions.
  • Boundary markers: Explicit delimiters for embedded instructions are not defined in the wrapper scripts.
  • Capability inventory: The skill possesses the ability to execute subprocesses via the tiangong CLI.
  • Sanitization: The wrapper performs basic argument parsing, while the underlying CLI tool is responsible for data validation against the provided JSON schema.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 01:48 PM