aliyun-happyhorse-r2v
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with official Alibaba Cloud API endpoints (
dashscope.aliyuncs.comanddashscope-intl.aliyuncs.com) to generate videos. This is expected behavior for its stated purpose. - [CREDENTIALS_UNSAFE]: No hardcoded secrets were found. The skill correctly instructs users to provide the
DASHSCOPE_API_KEYvia environment variables or the standard Alibaba Cloud credentials file (~/.alibabacloud/credentials). - [EXTERNAL_DOWNLOADS]: The skill installs the well-known and trusted
requestsPython library. No suspicious third-party packages or remote scripts are executed. - [COMMAND_EXECUTION]: The validation step uses
python -m py_compileto verify script syntax, which is a safe and standard development practice. - [PROMPT_INJECTION]: Indirect prompt injection is a potential risk as the skill processes user-supplied prompts and image URLs. However, this is an inherent surface for AI video generation tools rather than a malicious implementation. The skill uses a structured API request format which helps maintain clear boundaries between instructions and data.
Audit Metadata