cloud-fs

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on the @nogoo9/mcp-server-cloud-fs npm package, which is downloaded and executed via npx during setup and when tools are missing. This package belongs to the vendor ecosystem associated with the skill author.
  • [COMMAND_EXECUTION]: During the bootstrap phase, the skill executes shell commands to detect environment variables (e.g., AWS_ACCESS_KEY_ID) and the presence of local credential files (e.g., ~/.aws/credentials) to assist the user in configuring the cloud provider.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to read and process text from external cloud storage buckets, which represents a surface for indirect prompt injection if those files contain malicious instructions.
  • Ingestion points: Data is ingested from external sources through tools like read_text_file, grep_file, and read_multiple_files defined in the POSIX mapping reference.
  • Boundary markers: The instructions do not prescribe the use of specific delimiters or markers to isolate content read from these external files.
  • Capability inventory: The skill allows the agent to perform write operations (write_file), move files (move_file), and update project configuration (.mcp.json).
  • Sanitization: No explicit sanitization or validation of the content retrieved from cloud storage is mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:49 PM