ai-model-nodejs

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the official @cloudbase/node-sdk NPM package (version >= 3.16.0) and links to official Tencent CloudBase documentation and source repositories on cnb.cool and cloud.tencent.com. These are recognized vendor-owned resources.
  • [DATA_EXFILTRATION]: The skill uses the callCloudApi tool to interact with Tencent CloudBase (TCB) services for environment verification and AI model management. These network operations are necessary for the skill's primary function and target the vendor's own infrastructure.
  • [PROMPT_INJECTION]: While the skill is designed to process user input for AI model calls via the messages array, it follows standard implementation patterns for AI SDKs.
      ◦ Ingestion points: User-provided text is passed to the messages field in the generateText and streamText methods.
      ◦ Boundary markers: Employs standard role-based message structuring (e.g., { role: 'user', content: '...' }).
      ◦ Capability inventory: The skill interacts with the @cloudbase/node-sdk for AI operations and with cloud function management via callCloudApi and manageFunctions.
      ◦ Sanitization: No explicit sanitization is described, as the skill provides a direct interface to the LLM backend.
  • [CREDENTIALS_UNSAFE]: The initialization examples use descriptive placeholders such as <YOUR_SECRET_ID> and <YOUR_SECRET_KEY>, which is a standard and safe documentation practice.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 05:06 PM

Security Audit — agent-trust-hub — ai-model-nodejs