alicloud-platform-devops
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to access sensitive Alibaba Cloud credentials from environment variables such as ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET, as well as the standard local credentials file located at ~/.alibabacloud/credentials.
- [EXTERNAL_DOWNLOADS]: Fetches machine-readable OpenAPI metadata and documentation from official Alibaba Cloud domains (api.aliyun.com) to provide up-to-date API discovery features.
- [COMMAND_EXECUTION]: Includes multiple Python scripts (e.g., list_projects.py, list_repositories.py) that execute locally to perform resource inventory and inspection tasks via the Alibaba Cloud SDK.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting external API metadata.
  - Ingestion points: The scripts/list_openapi_meta_apis.py file downloads JSON-formatted API documentation from an external URL.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the fetched metadata.
  - Capability inventory: The skill has the ability to write files to the local output directory and perform authenticated API operations against Alibaba Cloud services.
  - Sanitization: No explicit sanitization or structural validation is performed on the ingested JSON data before it is processed and presented to the agent.