auth-tool-cloudbase
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Detected surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill retrieves configuration data from external services using `DescribeLoginStrategy` (Scenario 1), `GetProviders` (Scenario 6), and `DescribeStaticDomain` (Scenario 7).
  - Boundary markers: JSON payloads and prompt logic lack boundary markers or instructions to ignore embedded commands in the retrieved data.
  - Capability inventory: The agent possesses high-privilege capabilities via `callCloudApi`, including the ability to modify authentication providers (`ModifyProvider`), change login strategies (`ModifyLoginStrategy`), and generate API tokens (`CreateApiKeyToken`).
  - Sanitization: There is no evidence of sanitization or schema validation for data retrieved from the cloud environment before it is used to modify security settings (e.g., spreading `...LoginStrategy` or `...WeChatProvider.Config` into new payloads).
- Command Execution (SAFE): While the skill invokes powerful cloud management APIs, these actions are consistent with the primary purpose of an authentication configuration tool and do not involve arbitrary shell command execution.
Audit Metadata