spice-cloud-management
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script constructs JSON bodies (e.g., in create-app and add-secret) by direct concatenation of command-line arguments. This lacks escaping, allowing input containing double quotes to break or manipulate the JSON structure.
- [DATA_EXFILTRATION] (LOW): The script sends data to api.spice.ai. While this is the intended purpose, it is a non-whitelisted domain and handles sensitive application secrets.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials were found; authentication relies on the SPICE_API_TOKEN environment variable.
Audit Metadata