alibabacloud-dataworks-infra-manage

Fail

Audited by Snyk on Apr 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's CLI templates (e.g., CreateDataSource/CreateComputeResource) require embedding ConnectionProperties JSON with "username" and "password" directly into single-line aliyun commands, which forces the agent to include secret values verbatim in generated output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill's prerequisites include explicit wget/Invoke-WebRequest downloads of the Aliyun CLI from https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz (and macOS/Windows equivalents), which fetch remote executable code that would be installed/executed and is required for the skill's runtime CLI operations.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 1, 2026, 12:19 PM
  • Issues: 2