cloud-billing-guard-huawei
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a custom TypeScript wrapper script
scripts/safe-hcloud.tsto executehcloud(KooCLI) commands. This wrapper implements a robust security policy including an allowlist of permitted service/operation pairs and a denylist of destructive verbs such as Delete, Pay, and Update.\n- [CREDENTIALS_UNSAFE]: The skill includes explicit instructions and code-level redaction patterns to prevent the exposure of Huawei Cloud Access Keys (AK/SK) or session tokens. The wrapper script automatically redacts sensitive patterns and specific key names from CLI output before it reaches the user.\n- [PROMPT_INJECTION]: The workflow defined inSKILL.mdrequires a multi-step semantic mapping process which ensures user input is translated into pre-defined facts and dimensions before command generation, significantly reducing the risk of a user directly injecting arbitrary CLI arguments.
Audit Metadata