ov-add-data

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the ov CLI tool on the host system, specifically utilizing the add-resource, add-skill, and add-memory subcommands.
  • [EXTERNAL_DOWNLOADS]: Fetches content and repository data from external URLs, including vendor-owned repositories (github.com/volcengine/OpenViking) and arbitrary third-party sites (arxiv.org).
  • [DATA_EXFILTRATION]: Documentation provides examples and instructions for the agent to identify and import sensitive local user data, such as personal photos, project documentation, and profile PDFs, into the OpenViking database.
  • [REMOTE_CODE_EXECUTION]: The ov add-skill command allows for the dynamic loading and persistence of new agent capabilities from remote or local files, providing a mechanism for runtime expansion of agent logic.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted data from URLs and files without sanitization or boundary markers.
  • Ingestion points: ov add-resource and ov add-skill subcommands in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Host CLI execution and network access.
  • Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 11:57 AM