aliyun-chatbot-manage
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/list_openapi_meta_apis.py fetches OpenAPI metadata from api.aliyun.com. This is a well-known service, and the data is used for legitimate API discovery purposes.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data from an API metadata endpoint.
  - Ingestion points: API documentation is downloaded from api.aliyun.com in scripts/list_openapi_meta_apis.py.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard potential instructions within the retrieved metadata.
  - Capability inventory: The skill executes local Python scripts and is designed to trigger Alibaba Cloud API calls via CLI or SDK as documented in SKILL.md.
  - Sanitization: There is no evidence of sanitization or validation of the retrieved JSON content before it is presented to the agent's context.
- [SAFE]: Credential management instructions in SKILL.md recommend the use of standard environment variables and official configuration paths (~/.alibabacloud/credentials), which is consistent with security best practices for cloud tooling.
Audit Metadata