alibabacloud-vms-smart-call-by-tts

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Aliyun CLI binaries and plugins from official Alibaba Cloud domains (aliyuncli.alicdn.com and cli.aliyun-inc.com). These are trusted vendor sources.
  • [COMMAND_EXECUTION]: Executes system commands and internal Python scripts to perform cloud service interactions. An installer script safely manages CLI installation and PATH updates.
  • [CREDENTIALS_UNSAFE]: Adheres to secure credential management by reading from the standard Aliyun CLI configuration file (~/.aliyun/config.json) using a dedicated helper script. It prohibits hardcoding or printing secrets.
  • [DATA_EXFILTRATION]: No unauthorized exfiltration detected. Network activity is limited to official Alibaba Cloud API endpoints for service delivery.
  • [PROMPT_INJECTION]: Ingests natural language intents to generate voice call content. Risk is mitigated by server-side safety reviews and automated generation.
  • Ingestion point: UserMessage in SKILL.md.
  • Boundary markers: Server-side safety review.
  • Capability inventory: dyvmsapi SubmitIntent API.
  • Sanitization: Server-side sensitive-word screening.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:28 PM
Security Audit — agent-trust-hub — alibabacloud-vms-smart-call-by-tts