alicloud-compute-ecs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables execution of shell or PowerShell commands on remote ECS instances through the official Alibaba Cloud Assistant (RunCommand) service. Evidence: `scripts/run_remote_command.py` uses the `RunCommand` API to send and poll command results.
- [EXTERNAL_DOWNLOADS]: Fetches well-known Alibaba Cloud SDK packages from the official Python Package Index (PyPI) to support cloud operations. Evidence: `SKILL.md` setup instructions include `pip install` for `alibabacloud_ecs20140526`, `alibabacloud_tea_openapi`, `alibabacloud_credentials`, and `alibabacloud_cms20190101`.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data from external cloud resources.
  - Ingestion points: `scripts/run_remote_command.py` (captures stdout from remote instances), `scripts/list_instances_all_regions.py` (processes instance names and metadata).
  - Boundary markers: None identified in instructions or scripts to delimit external content.
  - Capability inventory: Extensive cloud management capabilities including instance creation, deletion, and remote execution via the ECS SDK.
  - Sanitization: No explicit validation or sanitization is performed on data retrieved from the Alibaba Cloud API before inclusion in the agent context.
Audit Metadata