dify-knowledge-base-search
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto perform POST requests to the Dify dataset retrieval endpoint. These commands are properly parameterized with environment variables for the API base URL and dataset ID. - [CREDENTIALS_UNSAFE]: Authentication is managed securely through the
DIFY_API_KEYenvironment variable, avoiding the risk of hardcoded secrets within the skill files. - [EXTERNAL_DOWNLOADS]: Network activity is directed toward
api.dify.ai, which is a well-known service domain for Dify applications, and does not involve downloading or executing external scripts.
Audit Metadata