alibabacloud-data-agent-skill

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module to manage background worker processes for long-running analysis tasks. Specifically, worker_utils.py spawns asynchronous workers by re-executing the Python interpreter with the current script's arguments, which is a standard pattern for CLI tools to achieve concurrency and background execution.
  • [EXTERNAL_DOWNLOADS]: The tool facilitates the download of generated reports, charts, and data files from Alibaba Cloud's official endpoints (aliyuncs.com). These operations are part of the core functionality and target URLs provided by authenticated API responses from the service.
  • [SAFE]: The implementation demonstrates several security best practices, including the use of the Alibaba Cloud default credential chain to avoid hardcoding secrets, automated redaction of sensitive fields in debug logs, and the provision of a minimal-privilege RAM policy for users.
  • [SAFE]: While the skill processes external data (databases and uploaded files) which presents an inherent surface for indirect prompt injection, this is the primary intended function of the tool and is handled via structured API responses and specific formatting logic to maintain context boundaries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:48 AM
Security Audit — agent-trust-hub — alibabacloud-data-agent-skill