alibabacloud-sls-data-agent
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs 'alibabacloud-credentials' and 'requests' via pip. These are well-known, versioned packages from trusted registries and represent the standard operating environment for Alibaba Cloud integrations.
- [DATA_EXFILTRATION]: The skill communicates with official Alibaba Cloud API endpoints (starops.cn-beijing.aliyuncs.com) to process data analysis requests. Network operations are limited to these official vendor domains and use industry-standard HMAC-SHA256 signing for authentication.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by utilizing the Alibaba Cloud Credentials SDK to resolve credentials from the environment, STS, or local profiles (~/.aliyun/config.json) rather than hardcoding secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied natural language questions. While this constitutes an ingestion surface, the skill is designed to output analysis results between explicit boundary markers and does not possess capabilities (such as code execution or file system modification based on API output) that could be exploited via injection.
Audit Metadata