huawei-cloud-billing-scout
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official Huawei Cloud KooCLI ('hcloud') binaries and installation scripts hosted on official vendor infrastructure at 'cn-north-4-hdn-koocli.obs.cn-north-4.myhuaweicloud.com'.
- [REMOTE_CODE_EXECUTION]: The 'references/cli-installation-guide.md' file provides procedures for downloading and executing the official 'hcloud_install.sh' script via the shell to set up the CLI environment.
- [COMMAND_EXECUTION]: The skill invokes the 'hcloud' CLI tool to execute read-only Business Support System (BSS) operations. The installation guide also documents the use of 'sudo' for managing CLI binaries and environment setup.
- [PROMPT_INJECTION]: The skill processes untrusted data from CLI outputs (Ingestion point: 'hcloud' command results). It employs explicit boundary markers such as the 'Huawei Cloud Gate' confirmation and 'No Leak' principles. Its capability inventory is strictly limited to read-only 'List' and 'Show' operations, and it mandates the sanitization of identifiers and prohibits raw data output to mitigate indirect injection risks.
Audit Metadata