auth-tool-cloudbase
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted external configuration data and using it within sensitive cloud management API payloads.
- Ingestion points: Variables including environment IDs (`env`), WeChat credentials (`AppID`, `AppSecret`), and Google OAuth credentials (`Client ID`, `Client Secret`) are ingested from the agent context and used in `SKILL.md`.
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate user-supplied configuration values from the structure of the API request templates.
- Capability inventory: The skill uses powerful service actions such as `ModifyLoginConfig` and `ModifyProvider` within the `tcb` and `lowcode` services, which can alter the security configuration of the environment.
- Sanitization: The skill's instructions lack logic for sanitizing, validating, or escaping external inputs before they are interpolated into the JSON request bodies for management operations.
Audit Metadata