alibabacloud-rds-copilot
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation commands for the Alibaba Cloud CLI that download and execute a script from 'https://aliyuncli.alicdn.com/install.sh'. This script originates from the official vendor domain and is the standard installation method for the required tooling.
- [COMMAND_EXECUTION]: The core functionality of the skill involves constructing and executing 'aliyun' CLI commands to query the RDS AI service. It uses the 'rdsai chat-messages' action to facilitate intelligent database operations.
- [CREDENTIALS_UNSAFE]: The skill includes documentation on configuring Alibaba Cloud AccessKeys. It explicitly advises against hardcoding credentials in environment variables or scripts, recommending instead the use of the official 'aliyun configure' interactive utility or named profiles.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external user inputs and database error logs to generate queries for the AI assistant.
  - Ingestion points: User-supplied natural language requests and pasted database error messages described in 'SKILL.md'.
  - Boundary markers: Commands in 'SKILL.md' and 'references/related-apis.md' use single quotes to wrap query content, but no explicit instructions are provided to the model to ignore instructions embedded within user data.
  - Capability inventory: The skill executes shell commands via the 'aliyun' CLI as documented in 'SKILL.md' and 'references/related-apis.md'.
  - Sanitization: No explicit sanitization or escaping logic is defined for the content interpolated into the CLI command parameters.