alicloud-security-kms
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to access sensitive Alibaba Cloud credential files (
~/.alibabacloud/credentials) and environment variables (ALICLOUD_ACCESS_KEY_ID,ALICLOUD_ACCESS_KEY_SECRET). This access is a requirement for the skill's primary function but constitutes a high-value data exposure risk. - [EXTERNAL_DOWNLOADS]: The script
scripts/list_openapi_meta_apis.pyfetches JSON metadata fromapi.aliyun.com, a well-known service used by Alibaba Cloud. - [COMMAND_EXECUTION]: The skill performs shell command execution for validation (
mkdir,python -m py_compile) and runs a local Python script for API discovery. - [PROMPT_INJECTION]: This skill has an indirect prompt injection surface because it processes external data from the Alibaba Cloud metadata service which could be manipulated.
- Ingestion points: Remote JSON metadata retrieved from
api.aliyun.comwithinscripts/list_openapi_meta_apis.py. - Boundary markers: None identified; the skill does not use specific delimiters to isolate external data from its operational instructions.
- Capability inventory: The skill can read local credentials, write files to the
output/directory, and perform network requests as seen inSKILL.mdandscripts/list_openapi_meta_apis.py. - Sanitization: External data is parsed using the standard
json.loadslibrary, which provides structural validation but does not screen for instructional content.
Audit Metadata