cloudbase

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an AI agent framework (CloudBase Agent) that processes untrusted user inputs, constituting a surface for indirect prompt injection.
    ◦ Ingestion points: The framework receives user messages, state, and context through the RunAgentInput object as defined in the protocol references (references/cloudbase-agent/ts/agui-protocol.md).
    ◦ Boundary markers: No explicit boundary markers or instructions to isolate or ignore embedded prompts within user-supplied content are defined in the provided protocol or implementation guides.
    ◦ Capability inventory: The described framework supports powerful system capabilities, including arbitrary shell command execution (create_bash_tool), extensive file system operations (read/write), and cloud environment management (e.g., manageFunctions, manageAgent).
    ◦ Sanitization: The documentation does not mandate specific sanitization or filtering routines for external content processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing dependencies from public registries and fetching scripts from CDNs.
    ◦ Includes installation of numerous official vendor packages from NPM and PyPI, such as @cloudbase/js-sdk, @cloudbase/node-sdk, and the cloudbase-agent-* suite.
    ◦ Mentions the use of the mcporter utility via npx and fetching Web SDK assets from the static.cloudbase.net domain.
  • [COMMAND_EXECUTION]: Development and deployment workflows require the execution of shell commands and scripts.
    ◦ Includes instructions to use chmod +x on startup scripts (scf_bootstrap) to ensure they are executable in cloud runtimes.
    ◦ Instructs the agent to perform environment management tasks using MCP tools that interact with cloud resources.
  • [REMOTE_CODE_EXECUTION]: The documentation provides patterns for the dynamic loading of resources and execution of scripts.
    ◦ Describes methods for using require with computed paths to load local configuration files that may contain sensitive credentials, such as tcb_custom_login.json (references/auth-nodejs/SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:03 AM
Security Audit — agent-trust-hub — cloudbase