alicloud-backup-hbr
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions specify the use of standard Alibaba Cloud authentication methods, including environment variables and the local shared credentials file (~/.alibabacloud/credentials). This is the expected behavior for a cloud management integration.
- [EXTERNAL_DOWNLOADS]: The skill includes a Python script that retrieves API metadata from api.aliyun.com, which is the official domain for Alibaba Cloud services. These downloads are essential for discovering available API operations.
- [COMMAND_EXECUTION]: The SKILL.md documentation includes a validation script that uses the py_compile module to verify the integrity of the included Python scripts.
- [PROMPT_INJECTION]: The skill processes data from external API documentation. While this creates a surface for indirect prompt injection, the risk is mitigated by using official and trusted sources for the data ingestion.
Audit Metadata