cloudbase-cli
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill does not contain any direct prompt injection or jailbreak attempts. It provides structured guidance for using the tcb CLI. An indirect prompt injection surface is documented because the skill processes untrusted local project files (e.g., cloudbaserc.json, package.json) and has high-privilege capabilities; however, this is addressed through instructions for human confirmation and mandatory dry-run usage.\n- [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns were detected. The skill provides instructions for managing credentials and secrets, including specific warnings against hardcoding sensitive information in command parameters or configuration files.\n- [REMOTE_CODE_EXECUTION]: The skill references standard package installation and build processes (e.g., npm install, ng build) for web application deployment. All external resource references point to legitimate Tencent Cloud domains associated with the author's infrastructure.\n- [COMMAND_EXECUTION]: The skill's primary function is to facilitate the execution of tcb CLI commands. It includes robust security protocols, such as requiring command documentation review and dry-run previews before any resource-altering or destructive operations, like resource deletion or SQL mutations.\n- [EXTERNAL_DOWNLOADS]: The skill references its own source code and configuration files on Tencent's code hosting platform. These are documented neutrally as they originate from the vendor's official repository.
Audit Metadata