aliyun-qwen-tts
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/generate_tts.pyis configured to read sensitive API credentials from the local file system at~/.alibabacloud/credentialsif not found in environment variables. - [DATA_EXFILTRATION]: In
scripts/generate_tts.py, thecall_generatefunction permits the API's base URL to be overridden by the input request (req.get("base_url", ...)). If the skill processes untrusted data that specifies a malicious URL, theDASHSCOPE_API_KEY(harvested from the environment or credentials file) would be transmitted to that unauthorized external server. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests potentially untrusted JSON data via the
--requestor--filearguments inscripts/generate_tts.pywithout boundary markers or sanitization, and uses this data to influence network requests. - [EXTERNAL_DOWNLOADS]: The skill fetches the
dashscopepackage from the official Python package registry, which is the legitimate SDK for Alibaba Cloud's Model Studio. - [COMMAND_EXECUTION]: The documentation and scripts involve executing shell commands for package management (
pip install), script compilation (py_compile), and running the TTS generation utility.
Audit Metadata