bk-cli-apigateway

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the bk-cli command-line tool to perform API management tasks such as listing gateways and retrieving resource schemas. This behavior is consistent with the skill's stated purpose as a management interface for the TencentBlueKing ecosystem.
  • [SAFE]: No malicious patterns, such as prompt injection, hardcoded credentials, or unauthorized network exfiltration, were identified. The instructions specifically guide the agent to avoid guessing parameters and to prioritize user confirmation during the discovery process.
  • [SAFE]: Authentication examples provided in the documentation use placeholders (e.g., your_app, your_secret), which is a secure method for demonstrating tool usage without exposing real credentials.
  • [SAFE]: The skill incorporates safeguards for handling external data, such as instructing the agent to use --dry-run to verify API calls and requiring explicit user approval when multiple API candidates are found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 04:06 PM
Security Audit — agent-trust-hub — bk-cli-apigateway