alicloud-data-lake-dlf

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill instructions direct the agent to access sensitive credentials in environment variables (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET) and the shared configuration file at ~/.alibabacloud/credentials. While necessary for cloud resource management, this represents high-value data exposure, downgraded to medium because it is the primary intended use case.
  • Data Exposure & Exfiltration (LOW): The script scripts/list_openapi_meta_apis.py performs network requests using urllib to api.aliyun.com. This is a non-whitelisted external domain according to the security guidelines.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted JSON metadata from an external API and writes it to local files. If the agent reads these files later, malicious content in the API descriptions could influence agent behavior. Evidence chain:
      1. Ingestion point: scripts/list_openapi_meta_apis.py (fetching from api.aliyun.com)
      2. Boundary markers: Absent
      3. Capability inventory: Significant resource management via Alibaba Cloud SDKs
      4. Sanitization: Absent
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 12:33 PM