lifecyclemodel-hybrid-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill ships with and executes a shell script scripts/run-lifecyclemodel-hybrid-search.sh to perform its primary function. While intended for utility, it represents a local command execution surface.
  • [DATA_EXFILTRATION] (LOW): The skill transmits data and an authorization token (TIANGONG_LCA_APIKEY) to a non-whitelisted external domain (qgzvkongdjqiiamzbbts.supabase.co). This is functional behavior for this specific skill but qualifies as a network operation to a non-standard domain.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data files via the --data flag without sanitization.
      • Ingestion points: scripts/run-lifecyclemodel-hybrid-search.sh reads from a file specified by the user or agent.
      • Boundary markers: Absent. The script directly cats the file content into the curl request.
      • Capability inventory: Uses curl to send POST requests.
      • Sanitization: None performed on the input file content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:39 PM