pudu-cloudveil-skill
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts and WebAssembly modules to perform API requests and cryptographic operations.
  - The file scripts/cloudveil-request.js is the primary entry point for executing CloudVeil API calls.
  - The function sm2Encrypt in scripts/cloudveil-request.js uses child_process.execFile to run node with a local bridge script and a .wasm file to perform SM2 encryption.
  - It reads sensitive credentials from environment variables (CLOUDVEIL_ACCOUNT, CLOUDVEIL_PASSWORD) and sends them (encrypted) to a user-defined CLOUDVEIL_BASE_URL.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
  - Ingestion points: Untrusted data enters the agent's context in scripts/cloudveil-request.js when fetching and parsing JSON responses from remote CloudVeil API endpoints.
  - Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to ignore any natural language instructions that might be embedded in the API's JSON response fields (e.g., in a message or robotName field).
  - Capability inventory: The skill has significant capabilities, including issuing physical robot commands (delivery, transport, lifting, recharge), modifying system configurations (map switching, device shadow updates), and executing local shell commands via Node.js scripts.
  - Sanitization: There is no evidence of sanitization or validation of the content returned from the API before it is rendered or interpreted by the agent.
Audit Metadata