Skills
skills/cinience/alicloud-skills/aliyun-hbr-backup/Gen Agent Trust Hub

aliyun-hbr-backup

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to use standard Alibaba Cloud credentials stored in environment variables or the shared credentials file (~/.alibabacloud/credentials). This is required for its intended functionality and follows cloud provider recommendations.
  • [EXTERNAL_DOWNLOADS]: The scripts/list_openapi_meta_apis.py script fetches API documentation and metadata from official Alibaba Cloud endpoints (api.aliyun.com). This is a legitimate operation for dynamic API discovery from a well-known service.
  • [PROMPT_INJECTION]: The skill processes metadata fetched from an external source, creating a potential ingestion surface for indirect prompt injection.
  • Ingestion points: Metadata is fetched from api.aliyun.com in scripts/list_openapi_meta_apis.py.
  • Boundary markers: Not present for the JSON data processed from the metadata endpoint.
  • Capability inventory: The skill is designed to perform cloud resource management via OpenAPI calls and SDKs as described in SKILL.md.
  • Sanitization: The script parses the JSON payload to extract API names without explicit sanitization, though it uses standard JSON parsing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 06:59 AM