aliyun-qwen-vl-test
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/smoke_test_qwen_vl.pyusesimportlib.utilto dynamically load and execute logic from a target file (analyze_image.py) using a path computed relative to the script's location. - [COMMAND_EXECUTION]: The unit test file
test_analyze_image.pyemploys a similar pattern, usingimportlib.util.spec_from_file_locationandspec.loader.exec_moduleto dynamically load the code under test from the local file system. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user and external images to be processed by a multimodal AI model.
- Ingestion points: The
promptandimagearguments inscripts/smoke_test_qwen_vl.pyallow for arbitrary text and image paths/URLs to be passed to the model. - Boundary markers: There are no explicit delimiters or instructions provided in the script to separate user-provided data from the system prompt.
- Capability inventory: The script executes AI model calls via
mod.call_analyze, which could trigger unintended model behaviors if the input is poisoned. - Sanitization: No input validation or sanitization is performed on the prompt or image input before being sent to the model interface.
Audit Metadata