using-medusa-cloud
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user through installing the Medusa Cloud CLI (@medusajs/mcloud) from the npm registry. This is a legitimate installation of the vendor's official tool.
- [COMMAND_EXECUTION]: The skill utilizes the mcloud CLI to perform infrastructure operations. It includes procedural safeguards, such as requiring context verification with 'mcloud whoami' and mandating confirmation flags for destructive actions.
- [DATA_EXPOSURE]: The skill provides methods for accessing and managing environment variables. It incorporates specific instructions to keep secret values masked unless the user explicitly requests their revelation, mitigating accidental exposure in logs and process lists.
- [INDIRECT_PROMPT_INJECTION]: The skill defines workflows for ingesting and analyzing deployment logs. It mitigates potential boundary issues by requiring the use of structured JSON output and jq for data extraction, rather than relying on unstructured text parsing.
Audit Metadata