alibabacloud-vms-smart-call-by-tts
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Aliyun CLI binaries and plugins from official Alibaba Cloud domains (
aliyuncli.alicdn.comandcli.aliyun-inc.com). These are trusted vendor sources. - [COMMAND_EXECUTION]: Executes system commands and internal Python scripts to perform cloud service interactions. An installer script safely manages CLI installation and PATH updates.
- [CREDENTIALS_UNSAFE]: Adheres to secure credential management by reading from the standard Aliyun CLI configuration file (
~/.aliyun/config.json) using a dedicated helper script. It prohibits hardcoding or printing secrets. - [DATA_EXFILTRATION]: No unauthorized exfiltration detected. Network activity is limited to official Alibaba Cloud API endpoints for service delivery.
- [PROMPT_INJECTION]: Ingests natural language intents to generate voice call content. Risk is mitigated by server-side safety reviews and automated generation.
- Ingestion point: UserMessage in SKILL.md.
- Boundary markers: Server-side safety review.
- Capability inventory: dyvmsapi SubmitIntent API.
- Sanitization: Server-side sensitive-word screening.
Audit Metadata