alibabacloud-sls-cli-guidance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to request user credentials and shows using them inline with aliyun configure set --access-key-secret <access-key-secret> (i.e., embedding secrets in CLI commands), which requires handling and outputting secret values verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's installation step directs executing a remote installer via curl|bash at https://aliyuncli.alicdn.com/install.sh which would fetch and execute remote code as a required dependency for the CLI-based skill.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running a remote installer with "sudo" (sudo /bin/bash -c "$(curl -fsSL ... )"), which requests elevated privileges and would modify system files, so it encourages compromising the machine state.