talon
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as documentation for the Talon database engine. No prompt injection, data exfiltration, or persistence mechanisms were detected.
- [EXTERNAL_DOWNLOADS]: The skill references official SDKs hosted on the author's GitHub repository (github.com/darkmice/talon-sdk) and a pre-compiled commercial library from the vendor's domain (releases.talon.dev). These are legitimate vendor resources and do not pose a security risk.
- [COMMAND_EXECUTION]: Code snippets include standard package manager commands (e.g.,
go get,npm install,git clone) used to set up the database environment. These are expected for a development-focused skill. - [DATA_EXFILTRATION]: All data operations described are local to the user's defined data directory (e.g.,
./data). There are no unauthorized network operations or transfers to untrusted third parties. - [REMOTE_CODE_EXECUTION]: While the skill mentions loading a pre-compiled commercial library (
talon-ai), this is a documented feature of the product provided by the vendor. The SDKs use standard Foreign Function Interface (FFI) mechanisms (like Python'sctypesor Node.jsffi-napi) to interact with the native library, which is routine for high-performance database drivers.
Audit Metadata