Skills
skills/cinience/alicloud-skills/alicloud-ai-text-document-mind/Gen Agent Trust Hub

alicloud-ai-text-document-mind

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of official Alibaba Cloud SDK packages from the npm registry (@alicloud/docmind-api20220711, @alicloud/tea-util, and @alicloud/credentials). These are verified packages from a well-known service provider.
  • [PROMPT_INJECTION]: The skill facilitates the processing of external documents via the DOCMIND_FILE_URL environment variable, which constitutes a surface for indirect prompt injection if the parsed output is later interpreted by an agent without proper sanitization.
  • Ingestion points: Environment variables DOCMIND_FILE_URL and DOCMIND_FILE_NAME (scripts/quickstart.js).
  • Boundary markers: None present; the skill retrieves and logs raw results from the external API.
  • Capability inventory: Performs network operations to Alibaba Cloud API endpoints (aliyuncs.com).
  • Sanitization: None; the skill is a pass-through for the cloud provider's document parsing service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 10:14 AM