alibabacloud-dms-skill
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides detailed instructions to download the Aliyun CLI from official Alibaba Cloud domains (aliyuncli.alicdn.com). These resources are well-known vendor assets used for legitimate infrastructure management.
- [COMMAND_EXECUTION]: The skill utilizes shell scripts (execute_query.sh and search_database.sh) to interface with the Aliyun CLI. These scripts implement robust argument handling using Bash arrays to prevent command injection and include validation regex for SQL keywords to block destructive DDL operations like DROP and TRUNCATE.
- [CREDENTIALS_UNSAFE]: Includes explicit security guidelines that prohibit the display, echo, or hardcoding of Access Key and Secret Key values. It leverages the official Aliyun CLI configuration mechanism, ensuring credentials remain stored in the user's secure local environment.
- [PROMPT_INJECTION]: The skill implements a strict Parameter Confirmation policy, requiring the agent to confirm all user-customizable parameters (such as SQL statements and Database IDs) with the user before execution, which serves as a mitigation against unintended command execution.
Audit Metadata