alicloud-ai-video-wan-r2v
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `dashscope` package from PyPI. This is the official Python SDK for Alibaba Cloud's Model Studio (DashScope) and is a standard requirement for using their AI video generation services.
- [COMMAND_EXECUTION]: The skill uses local shell commands for environment setup, package installation, and execution of a provided Python helper script (`prepare_r2v_request.py`). These commands are standard for managing a development environment and preparing API requests.
- [DATA_EXFILTRATION]: The skill provides instructions for configuring the `DASHSCOPE_API_KEY` via environment variables or the official `~/.alibabacloud/credentials` file. These are standard authentication methods for the Alibaba Cloud SDK and no malicious exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill ingests user-provided text prompts and reference media which are passed to the underlying video generation model. This is the primary function of the skill; while it represents a surface for indirect prompt injection (Category 8), it uses a structured JSON interface to manage these inputs.
Audit Metadata