aliyun-modelstudio-entry-test-test

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (tests/common/compile_skill_scripts.py) to perform an offline compilation check of skill scripts. This is a standard development and testing procedure that does not involve remote code or elevated privileges.
  • [CREDENTIALS_UNSAFE]: The skill instructions reference standard Alibaba Cloud environment variables (ALIBABACLOUD_ACCESS_KEY_ID, ALIBABACLOUD_ACCESS_KEY_SECRET, ALIBABACLOUD_REGION_ID) for authentication. It correctly follows security best practices by using environment variables and recommending least-privilege configurations instead of hardcoding secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill involves reading a local file (SKILL.md of a sibling skill) and executing API calls based on its contents. While this represents a data ingestion surface, the source is local to the repository and the operations are restricted to read-only API calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 12:47 PM
Security Audit — agent-trust-hub — aliyun-modelstudio-entry-test-test