byted-viking-knowledgebase
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external Python libraries.
  - Dependencies identified in `scripts/requirements.txt`: `volcengine`, `aiohttp`. `scripts/search.py` also utilizes the `requests` library.
- [COMMAND_EXECUTION]: The skill executes a local Python script to perform searches.
  - Execution pattern: `python scripts/search.py "query"`.
- [DATA_EXFILTRATION]: The skill transmits authentication credentials to an external domain.
  - Evidence: `scripts/search.py` reads `VIKING_KBSVR_API_KEY` from environment variables and includes it in the `Authorization` header of requests sent to `api-knowledgebase.mlp.cn-beijing.volces.com`.
  - Note: This is a vendor-owned domain (Volcengine/ByteDance) and represents expected functionality for an API-based service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data-processing workflow.
  - Ingestion points: Content is retrieved from an external knowledge base via the `/api/knowledge/service/chat` endpoint in `scripts/search.py`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the script's output handling.
  - Capability inventory: The script performs network requests and prints retrieved content to stdout for agent consumption.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved knowledge base content before it is presented to the agent.
Audit Metadata