Skills
skills/cinience/alicloud-skills/aliyun-cloudauth-verify-test/Gen Agent Trust Hub

aliyun-cloudauth-verify-test

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script located at tests/common/compile_skill_scripts.py to perform an offline compilation check of another skill.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is instructed to read external content from skills/security/identity/aliyun-cloudauth-verify/SKILL.md and use that information to decide which API calls to execute.
  • Ingestion points: Reads SKILL.md from the target skill path.
  • Boundary markers: None; the agent is instructed to read the target file and identify APIs directly.
  • Capability inventory: Includes local command execution (python3) and file system write operations to the output/ directory.
  • Sanitization: No validation or sanitization is performed on the instructions or API names extracted from the target skill's documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 06:55 PM