auth-web-cloudbase
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references a JavaScript SDK from a CDN using a 'latest' tag (
https://static.cloudbase.net/cloudbase-js-sdk/latest/cloudbase.full.js). This is a security risk as the content of the script can change without notice, potentially introducing breaking changes or malicious code if the CDN is compromised. - [REMOTE_CODE_EXECUTION] (MEDIUM): The skill documentation instructs the agent to 'Automatically use auth-tool-cloudbase' to perform setup tasks. This tool is an unverifiable dependency that is not part of a standard, trusted package registry, posing a risk if the agent attempts to download or execute it from an unknown source.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters via
auth.getUser()(user profile metadata) andauth.signInWithOAuth()(redirect URLs). - Boundary markers: Absent. There are no instructions to the agent to treat external user data as data only and ignore any instructions within it.
- Capability inventory: The skill has the capability to perform redirects (
window.location.href) and account modifications (auth.updateUser,auth.deleteMe). - Sanitization: Absent. External data is used directly without escaping or validation logic shown.
- [FALSE POSITIVE ALERT] (INFO): The automated scanner flagged 'auth.re' as a malicious URL. Analysis indicates this is likely a false positive caused by the scanner matching substrings within legitimate SDK methods such as
auth.reauthenticate().
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata