alibabacloud-tablestore-ops
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides official download links for the Aliyun CLI binary from the vendor's CDN at
aliyuncli.alicdn.com. These downloads are part of the standard installation process for the required tools. - [REMOTE_CODE_EXECUTION]: The
aliyun otsutiltool features an automated update mechanism that downloads a secondary Tablestore-specific binary to the user's home directory (~/.aliyun/ts) upon its first invocation. This is an internal feature of the official vendor utility. - [COMMAND_EXECUTION]: The installation guide for macOS and Linux instructs the user to use
sudoto move the downloaded Aliyun CLI binary into the system PATH (e.g.,/usr/local/bin/). This is a standard procedure for installing global command-line utilities. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8):
- Ingestion points: The skill accepts user-defined parameters such as
RegionId,instanceName,tableName, andendpointwhich are passed directly to shell-based CLI commands. - Boundary markers: No specific delimiters or boundary markers are defined for the input parameters.
- Capability inventory: The skill executes shell commands using the
aliyunCLI tool, which interfaces with the Alibaba Cloud API. - Sanitization: The skill does not implement explicit sanitization of input parameters, relying on the underlying Aliyun CLI to handle input validation. The impact is limited as the skill scope is strictly read-only.
Audit Metadata