cloud-access-management
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a Python helper script (
scripts/cloud_access.py) to manage user invitations, roles, and API keys. This is the primary intended functionality for cloud administration. - [SAFE]: The skill includes advanced data handling to prevent credential leakage. The helper script automatically redacts sensitive fields like 'key' and 'token' from the standard output viewed by the AI agent. Instead, it writes unredacted secrets to a temporary file with restrictive file permissions (0600), ensuring only the local user can access them. Furthermore, the instructions explicitly forbid the agent from reading or summarizing these secret files.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to
api.elastic-cloud.comand user-provided Elasticsearch endpoints. These are legitimate, well-known service domains associated with the skill's vendor (Elastic).
Audit Metadata