bk-cli-apigateway
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
bk-clicommand-line tool to perform API management tasks such as listing gateways and retrieving resource schemas. This behavior is consistent with the skill's stated purpose as a management interface for the TencentBlueKing ecosystem. - [SAFE]: No malicious patterns, such as prompt injection, hardcoded credentials, or unauthorized network exfiltration, were identified. The instructions specifically guide the agent to avoid guessing parameters and to prioritize user confirmation during the discovery process.
- [SAFE]: Authentication examples provided in the documentation use placeholders (e.g.,
your_app,your_secret), which is a secure method for demonstrating tool usage without exposing real credentials. - [SAFE]: The skill incorporates safeguards for handling external data, such as instructing the agent to use
--dry-runto verify API calls and requiring explicit user approval when multiple API candidates are found.
Audit Metadata