ima-knowledge-base
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a wrapper script ima_kb_tool.py to call its internal tools via subprocess.run. It correctly uses argument lists rather than a shell string, which is a safe practice.
- [EXTERNAL_DOWNLOADS]: Network calls are made to official Tencent domains (ima.qq.com, myqcloud.com) to facilitate the skill's documented knowledge base management functions.
- [CREDENTIALS_UNSAFE]: Authentication tokens are managed through local configuration or environment variables. No actual secrets are exposed in the source code or example files.
- [DATA_EXFILTRATION]: Local file access and upload capabilities are provided as intended features for knowledge base management, with no evidence of unauthorized data transfer.
Audit Metadata