cloudbase-agent
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages dependencies via official package registries (NPM, PyPI) and retrieves configuration from Tencent's official code hosting infrastructure (cnb.cool). These operations follow standard software development practices and target trusted domains associated with the skill's author.
- [COMMAND_EXECUTION]: Provides core functionality for executing shell commands and environment provisioning (e.g., via create_bash_tool). These features are clearly documented as intended capabilities for building autonomous agents capable of performing system tasks.
- [INDIRECT_PROMPT_INJECTION]: As a framework that processes external messages, the SDK defines an attack surface for indirect injections. It provides structural mitigations such as reserved state fields for authentication context and guidance on user-specific isolation (multi-tenancy) to help developers build secure applications.
- [DATA_EXFILTRATION]: Facilitates network and database operations (Redis, PostgreSQL) required for agent memory and external tools. The documentation enforces security best practices by illustrating JWT-based authentication and promoting the use of environment variables for secret management.
Audit Metadata