aliyun-dlf-manage
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches OpenAPI metadata from Alibaba Cloud's official metadata service (api.aliyun.com). This is a well-known service used to discover API schemas for the DataLake product and does not involve executing remote code.
- [CREDENTIALS_UNSAFE]: The skill documentation correctly instructs the user to provide credentials via standard environment variables (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET) or a local credentials file (~/.alibabacloud/credentials). No hardcoded secrets were found in the scripts or documentation.
- [COMMAND_EXECUTION]: The skill executes local Python scripts to organize documentation and perform validation (py_compile). These operations are restricted to the skill's own scripts and the defined output directory.
- [DATA_EXFILTRATION]: Network activity is restricted to GET requests to Alibaba Cloud's official API metadata domain (api.aliyun.com) to retrieve product documentation. There are no patterns suggesting the exfiltration of sensitive data to unauthorized third parties.
- [INDIRECT_PROMPT_INJECTION]: The skill processes JSON data from the Alibaba Cloud metadata API. While this is an external ingestion point, the risk is low as the data is used to generate documentation lists (API names) and the capability of the scripts is limited to local file writing and printing.
Audit Metadata