process-hybrid-search
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and environment configuration specify the use of "@tiangong-lca/cli" from the NPM registry. This is the intended tool for the skill's functionality.
- [REMOTE_CODE_EXECUTION]: Uses "npx" to fetch and execute the latest version of the official vendor CLI. This is a standard method for ensuring the most recent tools are used in search workflows.
- [COMMAND_EXECUTION]: The wrapper script "scripts/run-process-hybrid-search.mjs" orchestrates the execution of CLI commands, passing user-provided or default inputs to the search tool.
- [DATA_EXFILTRATION]: Performs legitimate network calls to documented Supabase endpoints for executing hybrid searches. These requests are authenticated with user-supplied API keys.
- [PROMPT_INJECTION]: The skill processes user search queries and filters as part of its core search logic.
  - Ingestion points: User-defined search queries and JSON filters provided via the CLI wrapper in "scripts/run-process-hybrid-search.mjs".
  - Boundary markers: Prompt guidelines in "references/prompts.md" instruct the agent to preserve constraints and refrain from inventing data.
  - Capability inventory: Local command execution and network access to Supabase services via the CLI launcher.
  - Sanitization: Input validation is expected to be performed by the backend search infrastructure and the vendor CLI tool.
Audit Metadata