alicloud-ai-search-text-embedding
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard command-line operations for validation and script execution. The
python -m py_compilecommand inSKILL.mdis a routine check for syntax correctness. - [EXTERNAL_DOWNLOADS]: The skill references official Alibaba Cloud documentation for Model Studio. These are well-known, trusted documentation sources for the service.
- [DATA_EXPOSURE]: The
prepare_embedding_request.pyscript writes user-supplied text to a local JSON file for further processing. This is consistent with the skill's primary function and does not involve unauthorized data access. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes external text inputs. However, it implements proper data structuring using
json.dumpsto maintain boundaries. - Ingestion points: The
--textcommand-line argument inscripts/prepare_embedding_request.py. - Boundary markers: The input is encapsulated within a JSON object structure.
- Capability inventory: The script performs local file writes to save the generated payload.
- Sanitization: Employs standard JSON encoding which prevents basic injection into the data structure.
Audit Metadata