volcengine-sdk-generator
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves service catalog metadata, API versions, and Swagger specifications from the official Volcengine API Explorer (api.volcengine.com). It also fetches updated integration guidelines from the official Volcengine organization on GitHub to ensure generated code remains compliant with the latest SDK standards.
- [DATA_EXFILTRATION]: The skill documentation correctly identifies standard configuration locations, such as ~/.volc/config, and instructs the agent to handle credentials via environment variables (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) or temporary STS tokens. This aligns with cloud provider best practices for secure secret management.
- [PROMPT_INJECTION]: The skill ingests and processes external documentation content (via volcengine.com/docs) and API schemas to generate functional code. This establishes a surface for indirect prompt injection; however, the risk is effectively mitigated by restricting data ingestion to trusted, vendor-controlled domains.
Audit Metadata