Skills
skills/wanikua/danghuangshang/openviking/Gen Agent Trust Hub

openviking

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the openviking Python package via pip to provide its core functionality.
  • [COMMAND_EXECUTION]: The viking.sh wrapper script executes dynamic Python code using the python3 -c command. It employs environment variables to pass arguments safely, which mitigates direct shell injection into the Python environment.
  • [DATA_EXFILTRATION]: The skill reads local files and directories provided by the user to build a semantic search index. This data is sent to external embedding providers (such as NVIDIA) as part of its normal operation.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted local data that may be retrieved and processed by the AI agent.
  • Ingestion points: File and directory paths processed by the add and add-dir commands in viking.sh.
  • Boundary markers: No explicit delimiters or instruction-ignore markers are used when processing file content.
  • Capability inventory: File system read access, semantic search, and document summarization.
  • Sanitization: No explicit sanitization or filtering of file content is performed within the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 01:38 AM