aliyun-vod-manage-test
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
tests/common/compile_skill_scripts.py) using the command line to validate other skill scripts. This behavior is consistent with its stated purpose as a smoke test. - [DATA_EXPOSURE]: The skill references sensitive environment variables (
ALIBABACLOUD_ACCESS_KEY_IDandALIBABACLOUD_ACCESS_KEY_SECRET) as prerequisites. These are standard identifiers for authentication and the skill correctly instructs the user to manage them via environment variables rather than hardcoding them. - [PROMPT_INJECTION]: The skill contains an ingestion surface where it reads and interprets another skill's documentation to identify API commands to run.
- Ingestion points: Reads local file
skills/media/vod/aliyun-vod-manage/SKILL.md(SKILL.md). - Boundary markers: No delimiters or specific 'ignore' instructions are provided for the content read from the target file.
- Capability inventory: The agent is capable of executing local Python scripts and making API calls based on the read content.
- Sanitization: No content validation or sanitization of the input file is implemented.
Audit Metadata