tidbx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill instructs the agent to perform piped remote script execution from an untrusted source. Evidence: `curl https://raw.githubusercontent.com/tidbcloud/tidbcloud-cli/main/install.sh | sh` in `SKILL.md`. This pattern allows immediate, unverified execution of arbitrary code from a third-party repository (tidbcloud/tidbcloud-cli) not included in the Trusted External Sources list.
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded in external data.
  - Ingestion points: Remote data from `ticloud serverless list` and `ticloud project list` (File: `SKILL.md`).
  - Boundary markers: None identified.
  - Capability inventory: Includes resource deletion (`ticloud serverless delete`) and creation (`ticloud serverless create`) as defined in `SKILL.md` and `references/ticloud.md`.
  - Sanitization: No evidence of input validation or escaping for resource names returned by the API.
- [Data Exposure & Exfiltration] (LOW): The skill recommends using the `--insecure-storage` flag for authentication (`ticloud auth login --insecure-storage` in `SKILL.md`), which may result in credentials being stored in an unprotected format on the local filesystem.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/tidbcloud/tidbcloud-cli/main/install.sh - DO NOT USE
- AI detected serious security threats