alibabacloud-safety-checker
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a specialized testing utility for Alibaba Cloud services. It uses official Python SDKs (alibabacloud-green20220302, alibabacloud-credentials) to interact with moderation endpoints.
- [COMMAND_EXECUTION]: The skill uses subprocess.run to orchestrate internal Python scripts (verify_auth.py, main.py, etc.) and to invoke the agent-browser tool for browser automation. This behavior is documented and aligns with the skill's primary purpose of automating cloud console configurations.
- [EXTERNAL_DOWNLOADS]: The skill communicates with Alibaba Cloud API endpoints (e.g., green-cip.cn-shanghai.aliyuncs.com). These are well-known, trusted service domains belonging to the vendor (Alibaba Cloud).
- [PROMPT_INJECTION]: The assets/ directory contains numerous prompt injection and jailbreak payloads (e.g., DAN, EvilBOT). These are exclusively used as static test samples for evaluating the effectiveness of moderation guardrails and are not used to influence the agent's own behavior or bypass its safety filters.
- [CREDENTIALS_UNSAFE]: The skill implements standard Alibaba Cloud credential management by utilizing the default credential chain (supporting environment variables, credential files, and RAM roles), avoiding hardcoded secrets.
Audit Metadata