cloudbase-document-database-web-sdk

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of documentation and code examples for the official Tencent CloudBase Web SDK (@cloudbase/js-sdk). No malicious patterns, such as obfuscation, credential harvesting, or unauthorized system access, were detected.
  • [DATA_EXFILTRATION]: All external URLs and resource references point to official Tencent Cloud and CloudBase domains, including tencent.com, cloudbase.net, and cnb.cool (Tencent's Coding platform). These are recognized vendor resources used for documentation and official repository hosting.
  • [COMMAND_EXECUTION]: The skill documentation describes the use of a tool named managePermissions to configure database security rules. This is a legitimate management capability designed to help developers implement proper access control for their data.
  • [PROMPT_INJECTION]: The skill presents an inherent surface for indirect prompt injection as it facilitates the retrieval and processing of data from a remote database.
      ◦ Ingestion points: Data enters the agent's context through db.collection().get() and db.collection().watch() operations described in the crud-operations.md and realtime.md files.
      ◦ Boundary markers: The documentation does not explicitly specify the use of delimiters when the agent presents retrieved data to the user.
      ◦ Capability inventory: The skill provides full CRUD (Create, Read, Update, Delete) capabilities and administrative tools for permission management.
      ◦ Sanitization: The skill provides security best practices, such as input validation examples (e.g., the validateTodo function) and instructions on utilizing security rules to validate requests.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 11:45 AM