ai-model-nodejs

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill utilizes the official @cloudbase/node-sdk package, which is a verified resource from the authoring vendor.
  • [SAFE]: Configuration instructions for initialization involve the use of environment variable placeholders for sensitive credentials such as secretId and secretKey, promoting secure development practices.
  • [SAFE]: The documentation includes guidance on setting appropriate execution timeouts for cloud functions when performing AI operations to ensure reliability and resource management.
  • [PROMPT_INJECTION]: The skill's core functionality of processing message arrays for text and image generation presents an indirect prompt injection surface if untrusted data is included.
      1. Ingestion points: The messages array in the generateText and streamText function calls in SKILL.md.
      2. Boundary markers: Not specified in the current code examples; implementation of delimiters is recommended.
      3. Capability inventory: Modification of cloud function settings through manageFunctions and execution of AI generation tasks.
      4. Sanitization: Input validation and sanitization are not demonstrated in the provided usage patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 03:30 PM