openviking

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands (ov) and manage a background server (openviking-server). It also involves creating and writing to local configuration files (e.g., ~/.openviking/ovcli.conf).
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install or update the openviking Python package and provides commands to download external code repositories from URLs for indexing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and searches data from external repositories that could contain hidden instructions targeting the agent.
      • Ingestion points: Remote repository URLs and local paths processed via the ov add-resource command as described in SKILL.md.
      • Boundary markers: None identified in the skill instructions to separate indexed code from system prompts.
      • Capability inventory: Access to the shell (bash tool), file system (read/write), and background process management as documented in SKILL.md.
      • Sanitization: No evidence of input validation or sanitization for the content being indexed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:59 AM