flow-hybrid-search

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the @tiangong-lca/cli package from the NPM registry using npm exec. This is a documented vendor-provided tool required for the search functionality.
  • [COMMAND_EXECUTION]: The script scripts/run-flow-hybrid-search.mjs executes the tiangong search flow command. This execution is the primary function of the skill and is controlled via standard CLI arguments.
  • [DATA_EXFILTRATION]: The skill transmits search parameters and authorization tokens to the vendor's Supabase endpoint at https://qgzvkongdjqiiamzbbts.supabase.co/functions/v1/flow_hybrid_search. This network activity is consistent with the skill's stated purpose of performing remote searches.
  • [CREDENTIALS_UNSAFE]: The documentation instructs users on how to provide their own API keys via environment variables or CLI flags using placeholders, following standard security practices for secret management.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 01:47 PM