huawei-cloud-ucs-cluster-onboarding-manager
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted Kubernetes configuration files provided by users or external clusters.
- Ingestion points: Untrusted data enters the agent context via the `--metadata.annotations.kubeconfig` parameter during cluster registration (documented in `SKILL.md` and `references/task-cluster-registration.md`).
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate this untrusted content from the agent's instructions.
- Capability inventory: The skill has powerful management capabilities, including the ability to delete clusters, modify fleet groups, and retrieve credentials (e.g., `hcloud UCS DeleteCluster`, `hcloud UCS JoinGroup`, `hcloud UCS CreateClusterKubeconfig`).
- Sanitization: There is no evidence of sanitization or strict schema validation for the input YAML before it is interpolated into shell commands.
- [COMMAND_EXECUTION]: The skill performs cloud management operations by executing shell commands via the hcloud CLI tool.
- Evidence: All primary operations, such as `hcloud UCS RegisterCluster`, `hcloud UCS ShowCluster`, and `hcloud UCS DeleteCluster`, rely on executing shell commands with user-provided parameters.
- Risk: This reliance on shell interpolation requires the agent to carefully validate all user-supplied inputs to prevent command injection vulnerabilities.
Audit Metadata