aliyun-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides commands for managing cloud infrastructure, including destructive operations like `aliyun ecs DeleteInstance --Force true` and `aliyun rds CreateDatabase`. These are standard functionalities for a cloud management tool and are consistent with the skill's stated purpose.
- [CREDENTIALS_UNSAFE] (LOW): The documentation includes an example hardcoded password `MyPassword123!` in the RDS account creation command. While clearly an example, users should be reminded to use secure, unique credentials in production.
- [INDIRECT PROMPT INJECTION] (LOW): The skill creates a surface for indirect prompt injection because it performs high-privilege cloud operations based on resource identifiers (IDs, names). If an agent processes untrusted data to determine which resource to delete or modify, it could be manipulated.
  - Ingestion points: Resource identifiers like `--InstanceId`, `--BucketName`, and `--DBInstanceId` which may be sourced from external inputs.
  - Boundary markers: None present; the skill assumes direct command execution.
  - Capability inventory: Full lifecycle management (CRUD) of cloud instances, databases, and storage buckets across multiple services.
  - Sanitization: No sanitization logic is provided in the documentation; the agent is expected to handle parameter validation.
Audit Metadata