The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the aliyun CLI to perform diagnostic read operations and permission-modifying write operations. All write operations (e.g., AttachPolicyToUser, CreatePolicy, UpdateRole) are protected by a mandatory user-confirmation step, where the agent must wait for the user to select a repair path before proceeding.
[COMMAND_EXECUTION]: The skill uses standard system utilities like grep and cut to parse diagnostic information from temporary files in /tmp/ when API error messages cannot be parsed directly.
[DATA_EXFILTRATION]: No signs of data exfiltration were detected. All network communication is directed to legitimate Alibaba Cloud API endpoints through the official aliyun CLI tool using established vendor domains (aliyun.com).
[PROMPT_INJECTION]: The skill's instructions for 'proactive' triggering upon detection of permission errors are standard functional directives for a diagnostic assistant and do not attempt to bypass agent safety filters or override core behavioral constraints.
[SAFE]: The skill follows least-privilege principles by recommending system-provided read-only policies for diagnosis and providing specific, narrowed custom policies for repair. Cross-skill interaction via references/ram-policies.md is used for metadata discovery and does not introduce executable code risks.

alibabacloud-ram-permission-diagnose