aliyun-cloudfw-manage
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/list_openapi_meta_apis.py fetches OpenAPI metadata from Alibaba Cloud's official domain (api.aliyun.com). This is a legitimate operation for a cloud management skill to retrieve the latest API schemas and does not involve executing remote code.
- [DATA_EXPOSURE]: The skill instructions in SKILL.md identify standard Alibaba Cloud credential locations, including environment variables (ALICLOUD_ACCESS_KEY_ID) and the local configuration file ~/.alibabacloud/credentials. These references are standard practice for cloud management tools requiring authentication.
- [COMMAND_EXECUTION]: The skill executes local Python scripts to fetch metadata and perform syntax validation on its own script files (py_compile). These operations are scoped to the skill's execution environment and used for routine setup and discovery tasks.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: API documentation JSON is fetched from an external source (api.aliyun.com) via scripts/list_openapi_meta_apis.py and saved to the output directory.
  - Boundary markers: Not present; the content is written directly to JSON and Markdown files for agent consumption.
  - Capability inventory: The skill has the capability to execute shell commands and write to the local file system.
  - Sanitization: The fetched content is parsed as JSON but the resulting text is not sanitized for instructions before being formatted into the output Markdown files. Given the source is a well-known service, the risk is negligible.