aliyun-vod-manage-test

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (tests/common/compile_skill_scripts.py) using the command line to validate other skill scripts. This behavior is consistent with its stated purpose as a smoke test.
  • [DATA_EXPOSURE]: The skill references sensitive environment variables (ALIBABACLOUD_ACCESS_KEY_ID and ALIBABACLOUD_ACCESS_KEY_SECRET) as prerequisites. These are standard identifiers for authentication and the skill correctly instructs the user to manage them via environment variables rather than hardcoding them.
  • [PROMPT_INJECTION]: The skill contains an ingestion surface where it reads and interprets another skill's documentation to identify API commands to run.
  • Ingestion points: Reads local file skills/media/vod/aliyun-vod-manage/SKILL.md (SKILL.md).
  • Boundary markers: No delimiters or specific 'ignore' instructions are provided for the content read from the target file.
  • Capability inventory: The agent is capable of executing local Python scripts and making API calls based on the read content.
  • Sanitization: No content validation or sanitization of the input file is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 12:47 PM
Security Audit — agent-trust-hub — aliyun-vod-manage-test