alicloud-network-cdn
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads machine-readable API metadata from Alibaba Cloud's official domain (api.aliyun.com). This is a well-known service used to fetch updated definitions for the OpenAPI and is considered safe.
- [DATA_EXFILTRATION]: While the skill interacts with sensitive environment variables such as
ALICLOUD_ACCESS_KEY_IDandALICLOUD_ACCESS_KEY_SECRET, it does not transmit this data to any unauthorized third-party domains. Network activity is limited to official Alibaba Cloud API endpoints. - [COMMAND_EXECUTION]: The skill includes Python scripts that use standard libraries (urllib, json, argparse) to interact with APIs. There is no evidence of arbitrary command execution, shell injection, or unsafe process spawning.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill correctly instructs users to use environment variables or local shared credential files, emphasizing the use of temporary STS tokens for security.
- [PROMPT_INJECTION]: The skill instructions and YAML configurations do not contain patterns intended to bypass agent safety filters or override system instructions.
Audit Metadata