volcengine-rds-postgresql
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the official 'volcengine-python-sdk', which is a trusted library for interacting with Volcano Engine cloud services.
- [CREDENTIALS_UNSAFE]: The skill correctly instructs users to provide credentials (AK/SK) via environment variables ('VOLCENGINE_ACCESS_KEY', 'VOLCENGINE_SECRET_KEY') rather than hardcoding them or accepting them as plaintext parameters.
- [COMMAND_EXECUTION]: The tool relies on a local Python script ('scripts/call_rds_postgresql.py') executed via 'uv run'. The script uses structured argument parsing ('argparse') and passes parameters directly to the official SDK methods, minimizing the risk of command injection.
- [DATA_EXFILTRATION]: Network activity is restricted to official Volcano Engine API endpoints through the provided SDK. No unauthorized data transmission to third-party domains was detected.
- [PROMPT_INJECTION]: The instructions in 'SKILL.md' are focused on task execution and parameter gathering without any attempts to bypass safety filters or override agent constraints.
- [SAFE]: Overall, the skill represents a standard, well-implemented cloud management integration.
Audit Metadata