The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the aliyun command-line interface to interact with cloud service APIs for security management.
Executes aliyun sas DescribeSuspEvents to fetch security alert lists.
Executes aliyun sas HandleSecurityEvents to perform administrative remediation such as blocking IPs, quarantining files, or whitelisting events.
[EXTERNAL_DOWNLOADS]: The installation guide instructs the user to download the official Aliyun CLI tool from vendor-controlled domains.
Fetches binaries from aliyuncli.alicdn.com and references resources from the official aliyun GitHub organization.
These downloads are standard for setting up the required environment for the skill's primary purpose.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes untrusted data from security logs.
Ingestion points: Alert data (names, descriptions, event types) is ingested from the cloud environment via the DescribeSuspEvents API call in SKILL.md.
Boundary markers: The instructions do not define specific delimiters or guardrails to prevent the agent from obeying instructions that might be embedded in the security alert data.
Capability inventory: The skill has the capability to modify cloud resources (blocking IPs, killing processes) via HandleSecurityEvents based on its analysis of the ingested data.
Sanitization: There is no mention of sanitizing or escaping the data retrieved from the cloud API before it is evaluated by the agent.

alibabacloud-sas-alert-handler