Skills
NYC
skills/tencentcloudbase/awesome-cloudbase-examples/cloudbase-document-database-web-sdk/Gen Agent Trust Hub

cloudbase-document-database-web-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Prompt Injection (HIGH): High risk of Indirect Prompt Injection (Category 8) due to the combination of external data ingestion and write capabilities. \n
  • Ingestion points: Untrusted data is retrieved via db.collection().get() and watcher.onChange() as shown in SKILL.md, pagination.md, and realtime.md. \n
  • Boundary markers: Absent. There are no instructions or examples demonstrating the use of delimiters (e.g., XML tags or triple quotes) to isolate data from the agent's instructions. \n
  • Capability inventory: The skill enables high-impact side-effecting operations including add(), update(), and delete(). \n
  • Sanitization: Absent. No logic for validating, escaping, or filtering database content is provided. \n- External Downloads (MEDIUM): The skill relies on the @cloudbase/js-sdk Node.js package. While this is a standard library for Tencent CloudBase, it is an external dependency from a source that is not listed in the trusted scope, necessitating verification. \n- Command Execution (LOW): The skill documents the use of database methods that modify external state. While intended, this increases the potential impact of a prompt injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:48 AM