alibabacloud-dsc-audit
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides links to the official Alibaba Cloud CLI binaries. These downloads originate from a trusted vendor-controlled domain (aliyuncli.alicdn.com) and are required for the skill's environment.\n- [COMMAND_EXECUTION]: Python scripts use the official Alibaba Cloud SDK to perform queries and handling operations. The scripts include parameter validation and avoid dangerous shell execution patterns.\n- [DATA_EXFILTRATION]: The skill communicates exclusively with official cloud service endpoints. It utilizes secure credential handling practices by relying on the SDK's credential client rather than local storage or hardcoded values.\n- [PROMPT_INJECTION]: Retrieval of risk event data from the API exposes the agent to external content. This surface for indirect prompt injection is mitigated by the structured processing of the API response and the restricted capability set of the skill.
Audit Metadata