alicloud-media-vod
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads OpenAPI metadata from Alibaba Cloud's official domain (api.aliyun.com). This is a well-known, trusted service used for API discovery and does not pose a security risk.
- [CREDENTIALS_UNSAFE]: The skill correctly references environment variables (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET) and standard configuration files (~/.alibabacloud/credentials) for authentication. No hardcoded secrets were found in the source code.
- [COMMAND_EXECUTION]: The skill includes a validation script that uses
py_compileto verify the syntax of the Python scripts. This is a standard development practice and is executed locally within the skill's own directory structure. - [DATA_EXFILTRATION]: Network operations are restricted to fetching API documentation from official Alibaba Cloud metadata services. There is no evidence of sensitive data being transmitted to unauthorized external domains.
- [PROMPT_INJECTION]: The instructions focus on workflow management and API discovery without attempting to override agent safety guidelines or system prompts.
Audit Metadata