scf-worker
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill documentation and code examples correctly emphasize the use of environment variables and KMS for managing sensitive information like
SECRET_KEYandMYSQL_PASSWORD. The templates provided in the documentation useprocess.envrather than hardcoding credentials. - [COMMAND_EXECUTION]: The skill focuses on Node.js 18 runtime environments. Analysis of the provided code examples in
SKILL.mdandEXAMPLES.mdshows no usage of dangerous system command execution functions likechild_process.execoreval. - [EXTERNAL_DOWNLOADS]: The skill references standard, well-known libraries such as
tencentcloud-sdk-nodejs,cos-nodejs-sdk-v5,axios,mysql2, andpino. These are legitimate dependencies for the stated purpose of cloud function development. - [PROMPT_INJECTION]: The instructions and rules are strictly professional and technical. There are no attempts to bypass safety filters or override the agent's core instructions.
- [DATA_EXFILTRATION]: Network operations are restricted to standard cloud service interactions (Tencent Cloud STS/COS) and database connections. No unauthorized data exfiltration patterns were detected.
Audit Metadata