alibabacloud-cli-guidance
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes a setup script for the Aliyun CLI tool from the official vendor domain (https://aliyuncli.alicdn.com/setup.sh).
- [EXTERNAL_DOWNLOADS]: Downloads the CLI binary and service plugins from remote vendor-owned repositories as part of the tool lifecycle.
- [COMMAND_EXECUTION]: Executes administrative shell commands via Bash to manage cloud resources, configure credentials, and install plugins.
- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection from Alibaba Cloud API responses retrieved at runtime.
  - Ingestion points: Tool outputs from aliyun API calls and help commands.
  - Boundary markers: None identified.
  - Capability inventory: Full shell access and cloud resource management via aliyun cli.
  - Sanitization: No explicit validation of external data before use in command construction.