ai-model-nodejs

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exposes an indirect prompt injection surface by interpolating untrusted user data directly into AI model requests.
      • Ingestion points: Untrusted data enters via the messages array in generateText/streamText and the prompt parameter in generateImage (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided snippets.
      • Capability inventory: The skill enables network operations to external AI model providers (Hunyuan, DeepSeek) and image generation capabilities.
      • Sanitization: No sanitization or validation of the input strings is performed before processing.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the @cloudbase/node-sdk package from the npm registry.
      • Evidence: Documentation instructs the user to run npm install @cloudbase/node-sdk.
      • Mitigation: The severity is lowered as this is the primary, stated purpose of the skill (using the official SDK for the platform).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:01 PM