alibabacloud-data-agent-skill
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Spawns background worker processes using
subprocess.Popeninscripts/cli/worker_utils.pyandscripts/cli/dual_logger.pyto handle asynchronous data analysis tasks without blocking the main agent turn. This is a legitimate implementation of the skill's primary concurrency model. - [COMMAND_EXECUTION]: Invokes external notification tools such as
openclaworclawdbotviasubprocess.runinscripts/cli/notify.pyto push status updates to the user session. - [EXTERNAL_DOWNLOADS]: Interacts with official Alibaba Cloud API and OSS endpoints (
aliyuncs.com) for session management, data analysis, and report file transfers inscripts/data_agent/client.pyandscripts/data_agent/file_manager.py. These represent vendor-owned resources consistent with the skill's purpose. - [PROMPT_INJECTION]: Processing of external databases and user-uploaded files (CSV, Excel) in
scripts/cli/cmd_file.pyandscripts/cli/cmd_db.pycreates a surface for indirect prompt injection where data content could attempt to influence the analysis engine. - Ingestion points: Ingests untrusted data through the
fileanddbsubcommands via thescripts/cli/cmd_file.pyandscripts/cli/cmd_db.pymodules. - Boundary markers: Relies on delimiters provided by the display formatters and backend service-level isolation rather than explicit local boundary markers.
- Capability inventory: Possesses capabilities for local command execution (workers/notifications) and broad network access to Aliyun services.
- Sanitization: Content is transmitted to the analysis engine without local sanitization, relying on the safety guardrails of the underlying Alibaba Cloud Data Agent service.
Audit Metadata