Cloudinary Automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from an external source (Cloudinary assets, tags, and folder names). Ingestion points: CLOUDINARY_SEARCH_FOLDERS, CLOUDINARY_GET_RESOURCES_BY_ASSET_FOLDER, and CLOUDINARY_GET_RESOURCE_BY_PUBLIC_ID fetch data that can be influenced by anyone with write access to the Cloudinary account. Capability inventory: The skill can create webhooks (CLOUDINARY_CREATE_TRIGGER), modify asset metadata (CLOUDINARY_EXPLICIT_RESOURCE), and retrieve account configuration (CLOUDINARY_GET_CONFIG). Sanitization: No evidence of sanitization or boundary markers for the data fetched from Cloudinary before it is used in subsequent agent reasoning.
  • [External Downloads] (MEDIUM): The skill requires the rube MCP server from https://rube.app/mcp. This is an unverified external source not included in the Trusted Sources list.
  • [Data Exposure] (MEDIUM): CLOUDINARY_GET_CONFIG allows the agent to fetch environment configuration details. Depending on how Cloudinary is configured, this might expose sensitive internal settings or metadata.
  • [Data Exfiltration] (LOW): CLOUDINARY_CREATE_TRIGGER allows the agent to set up webhooks to arbitrary URLs. While this is a core feature, it provides a native mechanism for data exfiltration if the agent is subverted via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 08:20 AM