alibabacloud-bailian-rag-knowledgebase

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The check_env.js script uses execSync to verify the presence of dependencies. The command is restricted to npm list with hardcoded package names corresponding to official Alibaba Cloud SDKs, posing no risk of command injection.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of official Alibaba Cloud Node.js SDKs from the npm registry, which are trusted vendor resources.
  • [DATA_EXFILTRATION]: Network activity is confined to official Alibaba Cloud API endpoints (bailian.cn-beijing.aliyuncs.com and modelstudio.cn-beijing.aliyuncs.com) for performing knowledge base queries and workspace management. Sensitive credentials are managed via the standard Alibaba Cloud credential chain rather than being handled explicitly by the skill.
  • [PROMPT_INJECTION]: The skill acts as a RAG (Retrieval-Augmented Generation) interface, which is a surface for indirect prompt injection if retrieved knowledge base content contains malicious instructions. However, this is inherent to the skill's primary function. The skill implements input validation in retrieve.js using a regex (/[<>\{\}\[\]\$\|\;]/) to filter potentially dangerous characters from user queries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 07:47 AM