alicloud-security-content-moderation-green
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill references standard Alibaba Cloud credential storage locations like environment variables and the
~/.alibabacloud/credentialsfile, which is expected behavior for its intended purpose. - [EXTERNAL_DOWNLOADS]: The script
scripts/list_openapi_meta_apis.pyfetches OpenAPI metadata fromapi.aliyun.com, which is a well-known service for Alibaba Cloud API discovery. - [COMMAND_EXECUTION]: The skill involves executing local maintenance scripts and a validation command (
py_compile) to ensure script integrity. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external JSON data from the Alibaba Cloud metadata service. Ingestion points:
scripts/list_openapi_meta_apis.py. Boundary markers: Absent. Capability inventory: File system write access and cloud API interaction. Sanitization: Standard JSON parsing.
Audit Metadata