ai-model-nodejs
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official
@cloudbase/node-sdkNPM package (version >= 3.16.0) and provides links to official Tencent CloudBase documentation and source repositories oncnb.coolandcloud.tencent.com. These are recognized vendor-owned resources. - [DATA_EXFILTRATION]: The skill utilizes the
callCloudApitool to interact with Tencent CloudBase (TCB) services for environment verification and AI model management. These network operations are necessary for the skill's primary function and target the vendor's own infrastructure. - [PROMPT_INJECTION]: While the skill is designed to process user input for AI model calls via the
messagesarray, it follows standard implementation patterns for AI SDKs. - Ingestion points: User-provided text is passed to the
messagesfield ingenerateTextandstreamTextmethods. - Boundary markers: Employs standard role-based message structuring (e.g.,
{ role: 'user', content: '...' }). - Capability inventory: The skill interacts with the
@cloudbase/node-sdkfor AI operations and cloud function management viacallCloudApiandmanageFunctions. - Sanitization: No explicit sanitization is described, as the skill provides a direct interface to the LLM backend.
- [CREDENTIALS_UNSAFE]: The initialization examples use descriptive placeholders such as
<YOUR_SECRET_ID>and<YOUR_SECRET_KEY>, which is a standard and safe documentation practice.
Audit Metadata