Skills
skills/cinience/alicloud-skills/aliyun-dashvector-search/Gen Agent Trust Hub

aliyun-dashvector-search

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the dashvector Python package. This is the official client library for Alibaba Cloud's DashVector vector database service.
  • [PROMPT_INJECTION]: The similarity search functionality in scripts/quickstart.py and SKILL.md exposes a SQL-like filter parameter. This creates a surface for indirect prompt injection if user-provided strings are interpolated into the filter without sanitization.
  • Ingestion points: The --filter command-line argument in scripts/quickstart.py and the filter parameter in collection.query calls.
  • Boundary markers: No delimiters or specific instructions are provided to the agent to treat this input as potentially untrusted data.
  • Capability inventory: The skill is capable of querying and retrieving documents from a vector database based on these filters.
  • Sanitization: No sanitization or validation logic is implemented for the filter string.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 02:27 AM