alicloud-network-esa
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes data from external Alibaba Cloud APIs that could contain malicious instructions.
- Ingestion points: The skill retrieves dynamic data such as site names, plan types, and DNS record values through scripts like scripts/list_sites.py and scripts/list_dns_records.py.
- Boundary markers: The processing logic lacks explicit delimiters or instructional constraints that would prevent the agent from inadvertently following commands embedded in the retrieved metadata.
- Capability inventory: The skill has significant operational reach, including the ability to delete sites (DeleteSite), modify DNS records (UpdateRecord), and deploy or execute custom code on edge nodes via Edge Routine (CreateRoutine).
- Sanitization: There is no evident validation or sanitization of the data retrieved from the cloud environment before it is used in the agent's context.
Audit Metadata