aliyun-qwen-image
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the
dashscopePython package, which is the official library provided by Alibaba Cloud for interacting with their Model Studio services. - [CREDENTIALS_UNSAFE]: The helper script
scripts/generate_image.pyincludes logic to load API keys from standard locations, including theDASHSCOPE_API_KEYenvironment variable and the default Alibaba Cloud credentials file at~/.alibabacloud/credentials. This implementation follows the authentication patterns typical for cloud-integrated developer tools. - [COMMAND_EXECUTION]: The validation sequence in
SKILL.mduses thepy_compilemodule to verify that the Python script is syntactically correct. - [DATA_EXFILTRATION]: The Python script performs network requests to the DashScope API endpoints and downloads image content to the
output/directory based on the URLs returned by the service. - [PROMPT_INJECTION]: The skill provides an interface for the agent to pass user-defined text to the image generation model. It also supports a
reference_imageparameter that can read local files when a path is provided, which is a common feature for multi-modal image generation workflows.
Audit Metadata