alibabacloud-pts-reporter

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the official Aliyun CLI to perform read-only API calls. It includes explicit instructions to sanitize user-provided parameters (RegionId, SceneId, etc.) by rejecting shell metacharacters like backticks, dollar signs, and pipes, which effectively mitigates command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill references official installation paths for the Aliyun CLI and its PTS plugin from vendor-owned domains (aliyuncli.alicdn.com). These resources are consistent with the 'aliyun' author's identity and represent standard setup procedures for the required tooling.
  • [CREDENTIALS_UNSAFE]: The skill implements strong safety rules regarding authentication. It explicitly forbids reading, echoing, or asking the user for Access Keys or Secret Keys. Instead, it relies on pre-configured local profiles, which is a security best practice for CLI-based agents.
  • [DATA_EXFILTRATION]: The skill is restricted to analyzing performance report data within the user's Alibaba Cloud environment. No evidence of unauthorized data transfer to third-party domains was found.
  • [PROMPT_INJECTION]: The skill contains well-defined operational boundaries, explicitly instructing the agent to refuse requests that involve creating, starting, or stopping stress-testing scenarios, thereby maintaining its read-only purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:52 AM
Security Audit — agent-trust-hub — alibabacloud-pts-reporter