Skills
skills/baidu-netdisk/bdpan-storage/baidu-drive/Gen Agent Trust Hub

baidu-drive

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The install.sh and update.sh scripts fetch installer binaries and skill update packages from issuecdn.baidupcs.com and pan.baidu.com. These domains are official Baidu infrastructure associated with the vendor author.
  • [REMOTE_CODE_EXECUTION]: The skill performs self-updates by downloading and extracting ZIP archives in update.sh and executes a downloaded installer in install.sh. These operations are limited to vendor-provided resources for tool maintenance.
  • [COMMAND_EXECUTION]: The skill invokes the bdpan CLI and local shell scripts to perform file operations and manage session states. It includes explicit instructions to avoid using unsafe flags like --yes for login or update tasks to ensure user oversight.
  • [DATA_EXFILTRATION]: While the skill manages network-based file transfers, the instructions explicitly prohibit the agent from reading or displaying the contents of ~/.config/bdpan/config.json, which contains sensitive access tokens.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:44 PM