aliyun-dlf-manage-next
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access sensitive credentials via environment variables (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET) and the standard shared configuration file (~/.alibabacloud/credentials) to authorize API requests.\n- [EXTERNAL_DOWNLOADS]: The script scripts/list_openapi_meta_apis.py fetches OpenAPI documentation and metadata from Alibaba Cloud's official domain (api.aliyun.com), which is a well-known service infrastructure.\n- [COMMAND_EXECUTION]: The skill uses shell commands for Python script execution and uses the py_compile module for internal script validation.
Audit Metadata