alibabacloud-solution-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by fetching external content to drive high-privilege operations.
  - Ingestion points: The skill fetches Terraform main.tf templates from GitHub and deployment tutorial pages from the Alibaba Cloud solution portal (SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions for the agent to ignore potentially embedded commands within the fetched external data.
  - Capability inventory: The skill possesses significant capabilities, including arbitrary Alibaba Cloud CLI command execution (aliyun), Terraform infrastructure management (iacservice), and the ability to run shell scripts on ECS instances (ecs:RunCommand).
  - Sanitization: Ingested external content is not sanitized or validated before being used to generate cloud management commands or infrastructure-as-code configurations.
- [EXTERNAL_DOWNLOADS]: Fetches deployment configurations and code examples from the alibabacloud-automation GitHub organization and official Alibaba Cloud domains (aliyun.com). These are recognized as legitimate vendor resources.
- [REMOTE_CODE_EXECUTION]: Downloads and executes Terraform modules using Alibaba Cloud's IaCService. This functionality is the primary purpose of the skill and uses official vendor infrastructure.
- [COMMAND_EXECUTION]: Dynamically generates and executes aliyun CLI commands. The skill includes a specialized Python script (diagnose_cli_command.py) that uses an Alibaba Cloud API to interpret error messages and suggest fixes.
- [SAFE]: The Python helper scripts correctly implement a redaction mechanism (sanitize_response) that removes sensitive fields such as Access Key IDs, Secrets, Passwords, and Tokens from the API responses before they are processed or displayed to the user.
Audit Metadata