alibabacloud-cksync-plan
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the user with templates for SQL queries and shell commands (using
curl) to analyze cluster metadata and perform data operations likeBACKUPandRESTORE. These are intended for manual execution by the user and are central to the migration planning process. - [CREDENTIALS_UNSAFE]: To facilitate automated planning, the skill requests connection details including
HOST_NAME,USER_NAME, andPASSWORD. It mitigates risk by providing explicit security instructions inreferences/sql.md, recommending the use of environment variables and.netrcfiles to avoid plaintext exposure. - [EXTERNAL_DOWNLOADS]: The skill references technical documentation and compatibility guides from official and well-known sources, specifically
help.aliyun.comandclickhouse.com. These references are used neutrally for user guidance. - [DATA_EXFILTRATION]: The skill guides the user to collect metadata from ClickHouse system tables (e.g.,
system.parts,system.tables). This data is necessary for migration feasibility analysis and is not directed to unauthorized external destinations. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes cluster metadata provided by the user.
- Ingestion points: Database and table metadata (names, engines, sizes) entered by the user in
SKILL.mdStep 3. - Boundary markers: Data is organized into structured markdown tables within provided templates.
- Capability inventory: The skill has no autonomous execution capabilities (no tools or subprocess calls); it functions as a text-based advisory tool.
- Sanitization: No explicit sanitization of database metadata is mentioned, but the lack of dangerous capabilities mitigates the risk.
Audit Metadata