a6-plugin-serverless
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples of using the
a6CLI tool to manage gateway route configurations. - [REMOTE_CODE_EXECUTION]: The skill documents the execution of arbitrary Lua code strings within the Apache APISIX gateway environment. Ingestion points: The
functionsarray in thea6configuration snippets. Boundary markers: Absent; functions are provided as raw strings. Capability inventory: Lua code can access and modify request/response data and control traffic flow. Sanitization: Not present in the provided configuration examples. - [CREDENTIALS_UNSAFE]: Example 8 contains a hardcoded authentication token
Bearer secret123used for demonstration.
Audit Metadata