cloudbase
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill provides guidelines for secure authentication using official CloudBase tools (queryAppAuth, manageAppAuth). It explicitly advises against hardcoding secrets, recommending the use of environment variables or secret management tools (tcb secrets).
- [REMOTE_CODE_EXECUTION]: The skill mentions the installation of official Node.js and Python packages (e.g., @cloudbase/js-sdk, cloudbase-agent-server). These are well-known vendor resources from 'tencentcloudbase'. It also describes the deployment of cloud functions and CloudRun services, which is the primary intended functionality of the platform.
- [COMMAND_EXECUTION]: Development guides for cloud functions and AI agents include instructions for creating startup scripts (scf_bootstrap) and using tools like create_bash_tool. While these allow command execution, they are documented as standard features for server-side logic and agent capabilities within the vendor's ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The AI Agent framework (cloudbase-agent) creates an attack surface for indirect prompt injection as it ingests untrusted user messages via the RunAgentInput protocol.
  - Ingestion points: User messages enter the system through the /send-message or /agui endpoints described in references/cloudbase-agent/ts/server-quickstart.md.
  - Boundary markers: The protocol uses structured message objects, but the documentation does not explicitly mandate delimiters for untrusted content.
  - Capability inventory: Agents can be equipped with powerful tools including file system access and shell execution (create_bash_tool) as listed in references/cloudbase-agent/py/skill.md.
  - Sanitization: No specific sanitization or filtering logic is detailed in the guides, relying on the underlying LLM's safety filters and the developer's implementation.
Audit Metadata