bk-cli-api

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to facilitate the execution of the bk-cli command-line tool to perform API calls. This is used to interact with the BlueKing API Gateway as intended.
  • [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection risks related to data ingestion. It processes external data through flags like --query, --path, and --body. The risk is mitigated by requiring these inputs to be structured JSON and by enforcing regex validation on the gateway_name parameter (^[a-z][a-z0-9-]{2,29}$).
  • [SAFE]: No credential exfiltration, malicious obfuscation, or remote code execution patterns were identified. Examples provided in the documentation use non-sensitive placeholders. The inclusion of an --insecure flag is documented for debugging purposes and is a standard feature of API development tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 04:06 PM
Security Audit — agent-trust-hub — bk-cli-api