Skills
skills/cinience/alicloud-skills/alicloud-ai-multimodal-qwen-vl-test/Gen Agent Trust Hub

alicloud-ai-multimodal-qwen-vl-test

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied prompts and images through the Qwen VL model, creating an indirect prompt injection surface.\n
  • Ingestion points: The --prompt and --image arguments in scripts/smoke_test_qwen_vl.py are passed directly to the analysis module.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded content are implemented in the test script.\n
  • Capability inventory: The skill executes network requests to the DashScope API and writes output JSON files to the local filesystem.\n
  • Sanitization: Input content is not sanitized or filtered before being sent to the model API.\n- [REMOTE_CODE_EXECUTION]: The script uses dynamic loading via importlib to import the analyze_image.py module from a relative path within the repository. This is a standard mechanism for code reuse and testing within the vendor's repository structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 10:15 AM