qwencloud-image-generation
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill automatically resolves local file paths and uploads them to Alibaba Cloud (DashScope) temporary storage when performing image editing tasks. This is a core feature of the supported image-to-image models and is correctly documented as required for processing.
- [COMMAND_EXECUTION]: The update-check utility
scripts/gossamer.pyexecutes sibling scripts using the current Python interpreter to verify the version status. This execution is confined to the skill's internal directory structure and follows standard CLI patterns. - [EXTERNAL_DOWNLOADS]: The documentation includes instructions for the agent to install or update vendor-provided skills from GitHub using the
npx skillscommand, ensuring the environment remains up-to-date with the author's latest releases. - [SAFE]: The skill adheres to security best practices, such as masking API keys in logs, using environment variables for secrets, and explicitly prohibiting the disclosure of credentials in plaintext. No evidence of obfuscation or malicious intent was found.
Audit Metadata