NYC

ai-model-web

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [External Downloads] (SAFE): The skill references '@cloudbase/js-sdk'. This is an expected, well-known package for Tencent Cloud services and is used according to its primary purpose.
  • [Data Exposure] (SAFE): No hardcoded secrets or sensitive file paths were found. Credentials are provided as placeholders, and the skill includes documentation advising the use of publishable keys over secret keys.
  • [Indirect Prompt Injection] (SAFE): The skill defines an interface for passing user input to AI models.
      1. Ingestion points: messages property in the generateText and streamText examples in SKILL.md.
      2. Boundary markers: Absent in boilerplate snippets.
      3. Capability inventory: Capability to call remote AI models via the CloudBase SDK.
      4. Sanitization: Not present in the documentation.
    Since this represents the primary intended function of the skill and no malicious instructions are embedded, the risk is categorized as safe.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:51 PM