Skills
skills/wgpsec/aboutsecurity/cloud-metadata/Gen Agent Trust Hub

cloud-metadata

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the coscli utility from Tencent Cloud's official distribution domain (cosbrowser.cloud.tencent.com). This tool is used for managing Cloud Object Storage resources.
  • [COMMAND_EXECUTION]: Includes instructions for the setup and execution of various cloud management CLI tools (aws, tccli, coscli), including modifying file permissions with chmod +x for downloaded binaries.
  • [DATA_EXFILTRATION]: Describes methodologies for retrieving sensitive temporary credentials (IAM/CAM) from instance metadata services (IMDS). This functionality is aligned with the skill's stated purpose for cloud security assessment.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection when processing external metadata responses.
  • Ingestion points: Metadata endpoint responses (JSON and text formats) as described in SKILL.md and references/credential-extraction.md.
  • Boundary markers: None identified in the provided command snippets.
  • Capability inventory: Execution of cloud CLI tools and file system permission modifications across all scripts.
  • Sanitization: No validation or escaping of external content is specified in the audit methodology.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 08:15 AM