alibabacloud-pts-reporter
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the official Aliyun CLI to perform read-only API calls. It includes explicit instructions to sanitize user-provided parameters (RegionId, SceneId, etc.) by rejecting shell metacharacters like backticks, dollar signs, and pipes, which effectively mitigates command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill references official installation paths for the Aliyun CLI and its PTS plugin from vendor-owned domains (aliyuncli.alicdn.com). These resources are consistent with the 'aliyun' author's identity and represent standard setup procedures for the required tooling.
- [CREDENTIALS_UNSAFE]: The skill implements strong safety rules regarding authentication. It explicitly forbids reading, echoing, or asking the user for Access Keys or Secret Keys. Instead, it relies on pre-configured local profiles, which is a security best practice for CLI-based agents.
- [DATA_EXFILTRATION]: The skill is restricted to analyzing performance report data within the user's Alibaba Cloud environment. No evidence of unauthorized data transfer to third-party domains was found.
- [PROMPT_INJECTION]: The skill contains well-defined operational boundaries, explicitly instructing the agent to refuse requests that involve creating, starting, or stopping stress-testing scenarios, thereby maintaining its read-only purpose.
Audit Metadata