alicloud-storage-oss-ossutil
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The installation instructions in 'references/install.md' require the use of 'sudo' to install system dependencies like 'unzip' and to move the 'ossutil' binary into system-wide executable paths such as '/usr/local/bin'.
- [EXTERNAL_DOWNLOADS]: The skill fetches the official Alibaba Cloud command-line tool archive from 'gosspublic.alicdn.com' during the setup phase.
- [COMMAND_EXECUTION]: The validation script 'scripts/check_ossutil.py' executes the 'ossutil' binary via the 'subprocess' module to verify its availability and version on the host system.
- [DATA_EXFILTRATION]: The skill accesses and manages sensitive configuration files including '
/.ossutilconfig' and '/.alibabacloud/credentials', which are used to store Alibaba Cloud AccessKey IDs and AccessKey Secrets. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from cloud storage buckets.
- Ingestion points: The agent processes object listings and command outputs (e.g., 'ossutil ls' results) as specified in 'SKILL.md'.
- Boundary markers: No specific boundary markers or 'ignore' instructions are used to delimit untrusted data from system instructions.
- Capability inventory: The skill possesses capabilities for file manipulation ('ossutil cp/sync'), resource management, and local command execution via Python scripts.
- Sanitization: There is no evidence of sanitization or validation of object names, paths, or remote metadata before they are incorporated into the agent's context.
Audit Metadata