alicloud-platform-docs-api-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The SKILL.md documentation instructs users to provide ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET as prerequisites. However, an analysis of scripts/review_product_docs_and_api.py shows that these credentials are never accessed or utilized by the code, which only fetches public metadata. Requesting unneeded high-privilege credentials increases the risk of accidental data exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web sources.
- Ingestion points: The script scripts/review_product_docs_and_api.py scrapes HTML content from www.aliyun.com and help.aliyun.com.
- Boundary markers: The scraped content is placed directly into a markdown report without using delimiters or providing the agent with instructions to ignore embedded commands.
- Capability inventory: The skill can write files to the output directory and perform network requests.
- Sanitization: There is no sanitization or escaping of the fetched HTML content before it is included in the final report.
- [EXTERNAL_DOWNLOADS]: The script fetches product and API metadata from official Alibaba Cloud domains, including api.aliyun.com and www.aliyun.com.
Audit Metadata