api-contract-review

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external data to generate code changes.
      • Ingestion points: The skill reads external documentation from cloud.tencent.com and docs.cloudbase.net, as well as local implementation files in mcp/src/tools/*.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat content within the files or external documentation as untrusted data or to ignore embedded instructions.
      • Capability inventory: The skill allows the agent to "prepare the code, test, and doc updates needed for a focused PR" (Phase 4), which involves local file modification.
      • Sanitization: There is no evidence of sanitization or validation logic to filter potentially malicious instructions embedded in the code or documentation being reviewed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 09:45 AM