alibabacloud-ram-permission-diagnose

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an automated 'Coverage Check' that searches the conversation history for base directories of other skills and attempts to read a 'ram-policies.md' file from those locations. This represents an indirect prompt injection surface where a malicious or compromised skill could provide crafted permission hints that influence the agent's diagnostic logic or recommendation output. Evidence: (1) Ingestion point: 'references/ram-policies.md' (documented in 'references/diagnose-flow.md'); (2) Boundary markers: Absent; (3) Capability inventory: High-privilege RAM modification via 'aliyun ram' CLI (documented in 'references/ram-cli-commands.md'); (4) Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill is authorized to perform high-privilege operations using the aliyun CLI, including creating and attaching RAM policies and updating role trust relationships. While this is its primary function, it grants the agent significant autonomous control over the cloud environment's security configuration, particularly via 'Path A' for direct execution. Additionally, the skill utilizes dynamic shell command substitution in 'references/ram-cli-commands.md' to process diagnostic tokens extracted from temporary files, which could serve as a command injection vector if the tool output used to populate those files can be manipulated.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:18 AM