cloud-fs
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on the
@nogoo9/mcp-server-cloud-fsnpm package, which is downloaded and executed vianpxduring setup and when tools are missing. This package belongs to the vendor ecosystem associated with the skill author. - [COMMAND_EXECUTION]: During the bootstrap phase, the skill executes shell commands to detect environment variables (e.g.,
AWS_ACCESS_KEY_ID) and the presence of local credential files (e.g.,~/.aws/credentials) to assist the user in configuring the cloud provider. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to read and process text from external cloud storage buckets, which represents a surface for indirect prompt injection if those files contain malicious instructions.
- Ingestion points: Data is ingested from external sources through tools like
read_text_file,grep_file, andread_multiple_filesdefined in the POSIX mapping reference. - Boundary markers: The instructions do not prescribe the use of specific delimiters or markers to isolate content read from these external files.
- Capability inventory: The skill allows the agent to perform write operations (
write_file), move files (move_file), and update project configuration (.mcp.json). - Sanitization: No explicit sanitization or validation of the content retrieved from cloud storage is mentioned in the workflow.
Audit Metadata