alicloud-ai-image-qwen-image-edit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to create output directories, verify script compilation, and execute a local Python helper script for request preparation.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill references standard Alibaba Cloud credential locations (e.g.,
~/.alibabacloud/credentials) and environment variables (DASHSCOPE_API_KEY) for authentication. It provides instructions to use these standard methods rather than hardcoding secrets, which is a safe practice. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official
dashscopeSDK via pip from standard repositories. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided prompts and images. While it lacks explicit boundary markers in the helper script, the risk is limited to the generation of the image request payload, which is then sent to the Alibaba Cloud API.
Audit Metadata