viking-knowledgebase
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill transmits sensitive authentication data over an insecure channel. In `scripts/search.py`, the `VIKING_KBSVR_API_KEY` (Bearer token) is included in headers sent to an `http://` URL instead of `https://`, exposing credentials to potential interception.
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/search.py` using arguments provided by the agent to perform knowledge base queries.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of `volcengine`, `aiohttp`, and `requests` packages. These are standard libraries for interacting with the targeted service.
- [DATA_EXFILTRATION]: The skill communicates with `api-knowledgebase.mlp.cn-beijing.volces.com`. This is an official Volcengine (Bytedance) domain, consistent with the author's identity. It uses environment variables for authentication.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external knowledge base content.
  - Ingestion points: `scripts/search.py` retrieves search results from the Volcengine API and prints the content directly to the agent's context.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are used when outputting retrieved content.
  - Capability inventory: The skill possesses network communication capabilities via the `requests` library.
  - Sanitization: The content retrieved from the knowledge base is not validated, escaped, or filtered before being presented to the agent.
Audit Metadata