aliyun-solution-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` in `scripts/run_workflow.py` to execute helper scripts like `load_preferences.py` and `build_outline.py`. These calls use list-based arguments and do not invoke a shell, which is a secure method for executing internal sub-processes.
- [PROMPT_INJECTION]: The skill ingests user-provided Markdown articles to derive image generation prompts. This represents an indirect prompt injection surface where a crafted article could attempt to influence the instructions sent to the image generation backend.
  - Ingestion points: The source article is read from the path provided to the `--source` argument in `scripts/run_workflow.py`.
  - Boundary markers: None explicitly implemented in the provided scripts to separate user content from prompt templates.
  - Capability inventory: The skill can write files to the local filesystem and execute subprocesses via `run_workflow.py`.
  - Sanitization: No visible sanitization of the input article content before it is used to build prompts.
- [DATA_EXPOSURE]: The `scripts/load_preferences.py` script accesses configuration files from the user's home directory (`~/.alicloud-skills/.../EXTEND.md`) and the project root. This is a standard practice for persistent user preferences and is limited to specific filenames.
Audit Metadata