alibabacloud-data-agent-skill
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages long-running analysis tasks by spawning background worker processes via `subprocess.Popen` in `scripts/cli/worker_utils.py`. The command is restricted to re-executing the current Python interpreter with the skill's own parameters.
- [COMMAND_EXECUTION]: The utility in `scripts/cli/notify.py` executes local system binaries (`openclaw` or `clawdbot`) via `subprocess.run` to send progress updates to external agent platforms.
- [DATA_EXFILTRATION]: Task updates and session metadata can be sent to a user-configured external endpoint via the `ASYNC_TASK_PUSH_URL` environment variable in `scripts/cli/notify.py`. This is an intended integration feature.
- [PROMPT_INJECTION]: The skill ingests data from external databases and files, representing a surface for indirect prompt injection.
  - Ingestion points: External database query results and user-uploaded file contents in `scripts/cli/cmd_db.py` and `scripts/cli/cmd_file.py`.
  - Boundary markers: Lacks explicit delimiters for untrusted data interpolated into internal prompts.
  - Capability inventory: Subprocess execution in `scripts/cli/worker_utils.py` and `scripts/cli/notify.py`, and external network requests in `scripts/data_agent/client.py` and `scripts/cli/notify.py`.
  - Sanitization: Relies on structured API schemas but does not implement explicit content sanitization before processing data via the agent reasoning loop.
Audit Metadata