aliyun-mps-manage

Fail

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to access sensitive local credential files for authentication.
    • Evidence: SKILL.md references the shared config file at ~/.alibabacloud/credentials under the 'AccessKey Priority' section.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves API metadata from an external source during execution.
    • Evidence: The script scripts/list_openapi_meta_apis.py fetches JSON documentation from Alibaba Cloud's official domain (api.aliyun.com) to discover available service operations.
  • [PROMPT_INJECTION]: The skill ingests data from an external API response, which could serve as a vector for indirect instructions.
    • Ingestion points: scripts/list_openapi_meta_apis.py (line 45)
    • Boundary markers: Absent; the script parses the external JSON and generates a list of operations without specific delimiters or instructions to ignore embedded content.
    • Capability inventory: The skill is intended to perform mutating operations on cloud resources (e.g., AddPipeline, SubmitJobs, AddMediaWorkflow) based on the discovered API names.
    • Sanitization: Absent; the script processes keys directly from the JSON payload and writes them to local files for further agent use.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 30, 2026, 10:54 AM