alicloud-ai-translation-anytrans

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Fetches OpenAPI documentation from Alibaba Cloud's official metadata service (api.aliyun.com). This is a well-known service used for legitimate discovery of cloud API schemas.
  • [CREDENTIALS_UNSAFE]: Recommends using standard Alibaba Cloud environment variables (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET) and configuration files (~/.alibabacloud/credentials). This follows security best practices for cloud credential management.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external JSON data fetched from the Alibaba Cloud OpenAPI metadata service to discover available APIs and parameters.
      • Ingestion points: scripts/list_openapi_meta_apis.py fetches documentation from api.aliyun.com.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are provided for the fetched metadata.
      • Capability inventory: The skill is intended to perform cloud resource operations (Create, Update, Modify) based on the discovered API schemas.
      • Sanitization: No sanitization or validation of the fetched metadata is performed before it is used to guide agent actions.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 10:15 AM