alibabacloud-security-health-check

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell scripts (scripts/collectors/*.sh) to invoke the official Alibaba Cloud CLI (aliyun) and jq for data collection. These operations are restricted to read-only API calls (Describe*) intended to fetch configuration status without altering environment settings.
  • [EXTERNAL_DOWNLOADS]: The run.sh script is designed to download the Alibaba Cloud CLI from the vendor's official CDN (aliyuncli.alicdn.com) if it is not present. Additionally, the HTML report template includes a reference to the well-known chart.js library via a public CDN (jsdelivr.net) for data visualization.
  • [SAFE]: The skill implements a rigorous 'Final Response Verification' protocol that requires the agent to cross-reference final output against the scores.json source of truth. This design pattern actively mitigates against hallucination and ensures numeric accuracy in the customer-facing summary.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 01:57 AM
Security Audit — agent-trust-hub — alibabacloud-security-health-check