alicloud-ai-entry-modelstudio-test
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to verify authentication by checking the `~/.alibabacloud/credentials` file. This is a sensitive location used to store Alibaba Cloud access keys and secrets.
- [EXTERNAL_DOWNLOADS]: The skill installs the `dashscope` Python package from the standard registry. This is the official SDK for Alibaba Cloud Model Studio.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands for environment setup and validation, including:
  - Virtual environment creation: `python3 -m venv .venv` and `. .venv/bin/activate`.
  - Package installation: `python -m pip install dashscope`.
  - File system operations: `mkdir -p output/alicloud-ai-entry-modelstudio-test` and writing to `validate.txt`.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its core logic involves reading instructions and examples from external `SKILL.md` files within the repository and executing them. This is documented according to the required evidence chain:
  - Ingestion points: The agent reads content from `SKILL.md` and `references/*.md` files located in various sub-directories under `skills/ai/`.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to ignore or delimit potentially malicious instructions embedded in the external files being processed.
  - Capability inventory: The agent has the capability to execute shell commands and run arbitrary SDK calls or scripts based on the content it reads.
  - Sanitization: There is no evidence of sanitization or validation of the content read from the external skill files before it is used to drive agent actions.
Recommendations
- AI detected serious security threats
Audit Metadata