alicloud-ai-image-qwen-image
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `scripts/generate_image.py` script accesses sensitive configuration and credential files at `~/.alibabacloud/credentials` and `.env` to retrieve API keys. This is standard behavior for an Alibaba Cloud integration but involves access to sensitive data.
- [DATA_EXFILTRATION]: The `resolve_reference_image` function in `scripts/generate_image.py` reads the binary content of any local file path provided in the `reference_image` parameter. Since this content is then transmitted to the external DashScope API, it creates a risk of exfiltrating sensitive local files (e.g., SSH keys or environment configs) if an attacker can control the input path.
- [COMMAND_EXECUTION]: The skill requires executing local Python scripts (`scripts/generate_image.py`) and shell commands (`curl`, `python -m pip install`) to perform its tasks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: User-provided `prompt`, `negative_prompt`, and `reference_image` paths within the JSON request processed by `scripts/generate_image.py`.
  - Boundary markers: None detected in the script or instructions to isolate untrusted user inputs from system instructions.
  - Capability inventory: File system read (`Path.read_bytes`), network transmission via DashScope SDK (`ImageGeneration.call`), and file system write (`Path.write_bytes` via `download_image`).
  - Sanitization: No sanitization or validation is performed on the prompt text or the file paths provided for reference images.
Audit Metadata