alicloud-media-live
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions (SKILL.md) direct the agent to access sensitive local file paths to retrieve authentication secrets, specifically `~/.alibabacloud/credentials`. Accessing these paths involves potential exposure of sensitive security credentials.
- [EXTERNAL_DOWNLOADS]: The script `scripts/list_openapi_meta_apis.py` fetches OpenAPI metadata from Alibaba Cloud's official metadata domain (`api.aliyun.com`). This is documented as a neutral finding because it targets a well-known technology service provider.
- [COMMAND_EXECUTION]: The skill executes local Python scripts to discover available APIs and validate resource configurations as part of its management workflow.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its handling of external metadata.
  - Ingestion points: Fetches external JSON metadata from `api.aliyun.com`, which is then used to inform agent operations.
  - Boundary markers: Absent; no delimiters are present to separate the external data from the skill's operational logic.
  - Capability inventory: The skill is capable of executing scripts and performing cloud resource mutations such as modifying live stream settings and domain configurations.
  - Sanitization: Absent; the fetched JSON metadata is parsed and utilized without explicit sanitization or validation against embedded instructions.
Audit Metadata