tos-file-access
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes a utility `scripts/file_download.py` that downloads files from user-provided URLs using the `requests` library. This functionality is intended to allow the agent to fetch data for processing within the local workspace.
- [DATA_EXFILTRATION]: The skill enables uploading local files and directories to Volcano Engine TOS via `scripts/tos_upload.py`. While this sends data to a remote service, it is directed to the vendor's official `volces.com` endpoints and is the primary function of the skill.
- [CREDENTIALS_UNSAFE]: The documentation includes instructions for the agent to guide users in setting up `VOLCENGINE_ACCESS_KEY` and `VOLCENGINE_SECRET_KEY` environment variables. This is a legitimate requirement for authenticating with the storage service.
- [PROMPT_INJECTION]: The skill acts as an ingestion point for external data by downloading files from arbitrary URLs, which could potentially contain malicious instructions for subsequent agent steps.
  - Ingestion points: `scripts/file_download.py` downloads content from external URLs to the local filesystem.
  - Boundary markers: Absent; the script does not include delimiters or specific instructions for the agent to ignore embedded commands in downloaded files.
  - Capability inventory: The skill possesses file system access and network upload capabilities through the `tos` SDK.
  - Sanitization: Absent; files are saved in their original raw format without validation of contents.
Audit Metadata