alibabacloud-sls-cli-guidance
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the vendor's official CDN at https://aliyuncli.alicdn.com/install.sh.
- [COMMAND_EXECUTION]: Uses sudo to install the aliyun-cli binary to system directories (/usr/local/bin/aliyun).
- [COMMAND_EXECUTION]: Executes various aliyun CLI sub-commands to manage cloud resources, including destructive operations like deleting projects and logstores.
- [EXTERNAL_DOWNLOADS]: Downloads the aliyun-cli tool and the sls plugin from official Alibaba Cloud sources.
- [CREDENTIALS_UNSAFE]: Provides instructions for configuring Alibaba Cloud access keys using placeholders like and .
- [PROMPT_INJECTION]: The skill processes untrusted log data through get-logs-v2 and text-to-sql tools, creating an indirect prompt injection surface.
- Ingestion points: Log data retrieved from Alibaba Cloud SLS via the get-logs-v2 command.
- Boundary markers: No specific delimiters or warnings are used to isolate untrusted log content from the agent's instruction context.
- Capability inventory: The agent can execute aliyun-cli commands to create, update, or delete projects and logstores, and can write configuration data to the local file system.
- Sanitization: Log content is not sanitized before being returned to the agent's context.
- [DATA_EXFILTRATION]: Facilitates the reading and writing of log data between the local environment and Alibaba Cloud Simple Log Service.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/install.sh - DO NOT USE without thorough review
Audit Metadata