auth-http-api-cloudbase

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides numerous shell command templates using curl. There is a risk of command injection if the agent interpolates untrusted data (like env or user-provided passwords) into these commands without proper shell escaping (e.g., a password containing backticks or shell metacharacters).
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill explicitly guides the agent to handle and transmit highly sensitive authentication data (clientId, clientSecret, refresh_token). It lacks instructions for the agent to avoid logging these secrets or to ensure they are handled securely within the agent's memory or output.
  • [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection (Category 8) exists as the agent ingests external data (credentials and user info) to be used in commands.
    • Ingestion points: User/external input for env, clientId, clientSecret, and authentication tokens.
    • Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded in the provided data.
    • Capability inventory: Shell execution via curl for network requests.
    • Sanitization: Absent. There are no guidelines for the agent to validate the structure of the env string or sanitize credentials before shell execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:50 PM