cloudinary
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation identifies
CLOUDINARY_URL,CLOUDINARY_API_KEY, andCLOUDINARY_API_SECRETas sensitive environment variables. It explicitly instructs the agent to avoid logging or echoing these secrets, which aligns with industry best practices for secret management. - [EXTERNAL_DOWNLOADS]: The skill recommends installing official, well-known packages from the service provider, specifically the Cloudinary Node.js SDK and the official Python-based CLI tool. These are standard dependencies for the service and do not represent a supply chain risk.
- [COMMAND_EXECUTION]: Use of the
Bashtool is restricted to standard asset management tasks such as uploading files or listing directory contents via the official Cloudinary CLI. No suspicious, obfuscated, or arbitrary command execution patterns were identified. - [DATA_EXFILTRATION]: Network activity is limited to retrieving official API documentation via
WebFetchand interacting with well-known service endpoints via official tools. No patterns suggesting unauthorized data transmission to untrusted external domains were detected.
Audit Metadata