vefaas
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation recommends installing the
vefaasCLI using a direct URL to a.tgzarchive (https://vefaas-cli.tos-cn-beijing.volces.com/volcengine-vefaas-latest.tgz). Installing software from unversioned direct downloads outside of official package registries like NPM or GitHub increases the risk of supply chain attacks. - CREDENTIALS_UNSAFE (LOW): The skill's primary function involves managing and storing Volcengine Access Keys (AK) and Secret Keys (SK) in local files (
~/.vefaas/auth.json). While essential for the service, this creates a target for credential theft if the environment is compromised. - PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection):
- Ingestion points: The skill reads project-level metadata from files like
package.json,requirements.txt, and.envto auto-configure deployment settings. - Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from following malicious instructions hidden within these project files.
- Capability inventory: The
vefaastool allows for shell command execution, environment variable configuration, and remote code deployment. - Sanitization: There is no evidence that the CLI tool or the skill's instructions sanitize the contents of project files before processing them, potentially allowing an attacker to influence deployment parameters or execution logic.
Audit Metadata