bk-cli-api
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to facilitate the execution of the
bk-clicommand-line tool to perform API calls. This is used to interact with the BlueKing API Gateway as intended. - [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection risks related to data ingestion. It processes external data through flags like
--query,--path, and--body. The risk is mitigated by requiring these inputs to be structured JSON and by enforcing regex validation on thegateway_nameparameter (^[a-z][a-z0-9-]{2,29}$). - [SAFE]: No credential exfiltration, malicious obfuscation, or remote code execution patterns were identified. Examples provided in the documentation use non-sensitive placeholders. The inclusion of an
--insecureflag is documented for debugging purposes and is a standard feature of API development tools.
Audit Metadata