auth-tool-cloudbase
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows best practices by using placeholders for sensitive configuration values and directing users to official consoles.
- [EXTERNAL_DOWNLOADS]: References official skill sources and image assets from trusted domains including
cnb.cool(Tencent's cloud-native build platform) andtencent-cloud.cn. - [COMMAND_EXECUTION]: Utilizes management tools such as
queryAppAuthandmanageAppAuthto modify cloud environment settings, which aligns with the skill's intended purpose of authentication provider management. - [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface as it processes user-supplied authentication configuration data. 1. Ingestion points: User-provided credentials (SMTP, OAuth) and provider settings processed in
SKILL.md. 2. Boundary markers: Absent in the provided instructions. 3. Capability inventory: Management APIs viamanageAppAuthandcallCloudApiinSKILL.md. 4. Sanitization: Not explicitly documented in the skill's instructions, relying on the underlying tool implementation.
Audit Metadata