volcengine-knowledge-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from 'https://docs-api.cn-beijing.volces.com', which is an official Volcengine API endpoint. This is used exclusively to retrieve public documentation and does not involve downloading executable code.
- [COMMAND_EXECUTION]: The skill is implemented as a Python script ('scripts/volcengine_docs.py') intended to be executed via the command line with user-provided arguments like search queries and URLs.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the web (external documentation). While it strips HTML tags, it does not use explicit boundary markers to separate documentation content from the agent's instructions.
- Ingestion points: Data is fetched in 'scripts/volcengine_docs.py' via the 'http_post' function.
- Boundary markers: Absent in the output formatting.
- Capability inventory: The script can write temporary files to the local disk ('tempfile.mkstemp') when output exceeds the preview threshold.
- Sanitization: Employs 'html.parser.HTMLParser' to remove HTML tags and clean the text content.
Audit Metadata