alicloud-platform-aliyun-cli
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: Downloads and executes the Alibaba Cloud CLI binary from the official vendor CDN (https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz). This is a well-known service domain for Alibaba Cloud and follows official installation procedures.
- [COMMAND_EXECUTION]: Executes the aliyun binary via subprocess calls for cloud operations and version management. The skill includes a Python script (scripts/ensure_aliyun_cli.py) to automate binary execution and updates.
- [PROMPT_INJECTION]: Provides a surface for indirect prompt injection as user-controlled data is used to populate command-line parameters for Alibaba Cloud API calls.
- Ingestion points: User-provided region IDs, resource identifiers, and API parameters mentioned in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
- Capability inventory: Subprocess execution, network access for cloud API calls, and local file writing for state and log files.
- Sanitization: No input validation or escaping is performed by the skill's scripts; security relies on the calling agent's logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz - DO NOT USE without thorough review