alicloud-ai-chatbot
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses the Alibaba Cloud shared credentials file and environment variables for authentication. Evidence: The skill's workflow and scripts prioritize reading sensitive data from `~/.alibabacloud/credentials` and environment variables like `ALICLOUD_ACCESS_KEY_ID`.
- [EXTERNAL_DOWNLOADS]: Downloads API metadata and documentation from official service endpoints. Evidence: The script `scripts/list_openapi_meta_apis.py` fetches JSON data from `https://api.aliyun.com/meta/v1/products/`.
- [PROMPT_INJECTION]: Processes external JSON metadata from Alibaba Cloud, which creates a potential surface for indirect prompt injection.
  - Ingestion points: Remote JSON documents fetched in `scripts/list_openapi_meta_apis.py`.
  - Boundary markers: None are present in the processing logic to distinguish between data and instructions.
  - Capability inventory: The skill executes local Python scripts as part of its validation and operation workflows.
  - Sanitization: External metadata is parsed and written to local files without validation or escaping.
Audit Metadata