huawei-cloud-swr-image-management
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `hcloud` CLI to perform operations on Huawei Cloud SWR, including managing namespaces, repositories, and tags. These operations are the primary purpose of the skill and interact with official vendor endpoints (*.myhuaweicloud.com).
- [SAFE]: The skill implements robust security guidance for handling cloud credentials. It explicitly instructs users to use environment variables (`HUAWEI_CLOUD_AK`, `HUAWEI_CLOUD_SK`, `HUAWEI_CLOUD_SECURITY_TOKEN`) rather than hardcoding values and provides warnings against echoing or exposing secrets in logs or code repositories.
- [SAFE]: Comprehensive documentation on required IAM permissions is provided, including minimal read-only and full management policy JSONs. The skill includes a clear workflow for pausing execution and requesting user intervention if permission errors occur.
- [SAFE]: The skill identifies and mitigates potential indirect prompt injection surfaces by defining strict naming rules for resources and requiring user confirmation for destructive actions.
  - Ingestion points: Data entering via `hcloud SWR ListNamespaces`, `ListReposDetails`, and `ListRepositoryTags` (resource names, descriptions, and tag metadata).
  - Boundary markers: Not explicitly used for data interpolation, but risk is managed via task-specific CLI calls.
  - Capability inventory: Extensive resource management capabilities including `DeleteNamespaces`, `DeleteRepo`, and `DeleteRepoTag` are controlled via explicit user triggers.
  - Sanitization: The skill relies on underlying API validation and naming constraints enforced by the hcloud CLI and Huawei Cloud SWR service.
Audit Metadata