aliyun-aimiaobi-generate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes a Python script (
scripts/list_openapi_meta_apis.py) that fetches API metadata fromhttps://api.aliyun.com. This is a well-known service provided by Alibaba Cloud, and the script is used for resource discovery rather than remote code execution. - [DATA_EXPOSURE]: The skill manages cloud access using standard Alibaba Cloud environment variables (
ALIBABACLOUD_ACCESS_KEY_ID,ALIBABACLOUD_ACCESS_KEY_SECRET) and configuration files (~/.alibabacloud/credentials). This access is necessary for the skill's primary function and follows documented cloud management practices without signs of exfiltration. - [INDIRECT_PROMPT_INJECTION]: The skill processes metadata from an external API endpoint. While this is an ingestion point for external data, the source is an official cloud provider domain, and the risk of injection affecting agent behavior is low given the structured nature of the JSON response.
- Ingestion points:
scripts/list_openapi_meta_apis.pyfetches data fromapi.aliyun.com. - Boundary markers: None explicitly defined for external metadata parsing.
- Capability inventory: Local Python script execution and Alibaba Cloud OpenAPI interaction.
- Sanitization: Uses standard
json.loadsfor parsing downloaded metadata.
Audit Metadata