alibabacloud-rds-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's core workflow and command examples (SKILL.md "Core Workflow" and "Command Format") call the external Alibaba Cloud RdsAi API via the CLI command aliyun rdsai chat-messages to fetch streaming "Answer" content, which the agent parses and uses to drive recommendations and follow-up actions, so untrusted third‑party responses can materially influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill's installation instructions explicitly include running sudo installer commands, moving binaries into /usr/local/bin, and executing remote install scripts—actions that modify system files and require elevated (sudo) privileges, so it can change the host state.