aliyun-wan-digital-human
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill uses standard environment variables (
DASHSCOPE_API_KEY) and official credential file paths (~/.alibabacloud/credentials) for authentication. This aligns with Alibaba Cloud's recommended security practices and does not involve hardcoded secrets. - [COMMAND_EXECUTION]: The skill includes a script
scripts/prepare_digital_human_request.pywhich performs basic file system operations (creating directories and writing JSON files). These operations are scoped to theoutput/directory as described in the operational guidance. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data in the form of image and audio URLs. While these represent an ingestion surface, the skill simply formats these into a structured JSON payload. There is no evidence of unsafe interpolation or execution of content retrieved from these URLs within the skill's own logic.
Audit Metadata