cloud-agent
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (tags: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to upload local files and metadata to cloud-based storage (S3/OSS) to enable processing by a remote agent. This operation is central to the skill's purpose of delegating local tasks to the cloud.
- [REMOTE_CODE_EXECUTION]: The skill allows the agent to run code (including Python, Node.js, and Shell) within isolated Docker containers on a cloud server. While this involves executing arbitrary code, the documentation specifies that this occurs within a secured, isolated sandbox environment.
- [PROMPT_INJECTION]: As the skill ingests untrusted data from user tasks and uploaded files, it presents a surface for indirect prompt injection where instructions inside files could influence the remote agent's behavior.
- Ingestion points: Data enters the cloud context via the task, context, and files parameters in the cloud_agent tool call.
- Boundary markers: The provided documentation does not define specific delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The remote environment can execute code, build and deploy projects to the public internet, and access cloud storage.
- Sanitization: There is no evidence of local sanitization or filtering of content before it is transmitted to the cloud.
Audit Metadata