aliyun-qwen-vl-test

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/smoke_test_qwen_vl.py uses importlib.util to dynamically load and execute logic from a target file (analyze_image.py) using a path computed relative to the script's location.
  • [COMMAND_EXECUTION]: The unit test file test_analyze_image.py employs a similar pattern, using importlib.util.spec_from_file_location and spec.loader.exec_module to dynamically load the code under test from the local file system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user and external images to be processed by a multimodal AI model.
  • Ingestion points: The prompt and image arguments in scripts/smoke_test_qwen_vl.py allow for arbitrary text and image paths/URLs to be passed to the model.
  • Boundary markers: There are no explicit delimiters or instructions provided in the script to separate user-provided data from the system prompt.
  • Capability inventory: The script executes AI model calls via mod.call_analyze, which could trigger unintended model behaviors if the input is poisoned.
  • Sanitization: No input validation or sanitization is performed on the prompt or image input before being sent to the model interface.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 12:47 PM
Security Audit — agent-trust-hub — aliyun-qwen-vl-test