cloud-billing-guard-huawei

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a custom TypeScript wrapper script scripts/safe-hcloud.ts to execute hcloud (KooCLI) commands. This wrapper implements a robust security policy including an allowlist of permitted service/operation pairs and a denylist of destructive verbs such as Delete, Pay, and Update.
  • [CREDENTIALS_UNSAFE]: The skill includes explicit instructions and code-level redaction patterns to prevent the exposure of Huawei Cloud Access Keys (AK/SK) or session tokens. The wrapper script automatically redacts sensitive patterns and specific key names from CLI output before it reaches the user.
  • [PROMPT_INJECTION]: The workflow defined in SKILL.md requires a multi-step semantic mapping process which ensures user input is translated into pre-defined facts and dimensions before command generation, significantly reducing the risk of a user directly injecting arbitrary CLI arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 12:43 PM