The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches OpenAPI metadata from the official Alibaba Cloud domain api.aliyun.com to dynamically discover supported API operations and schemas. This is a well-known service used for its intended purpose.
[COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/list_openapi_meta_apis.py) and utilizes py_compile to validate script integrity within the skill directory.
[CREDENTIALS_UNSAFE]: The skill facilitates cloud resource management by accessing Alibaba Cloud credentials via standard environment variables and the shared configuration file ~/.alibabacloud/credentials. These operations are consistent with the skill's primary purpose.
[PROMPT_INJECTION]: The skill ingests data from a remote API metadata endpoint to inform the agent's workflow. While this creates a potential surface for indirect prompt injection, the reliance on official vendor endpoints minimizes risk. Evidence Chain: 1) Ingestion point: api.aliyun.com via list_openapi_meta_apis.py; 2) Boundary markers: Not explicitly defined for external metadata; 3) Capability inventory: Local script execution and cloud API calls; 4) Sanitization: None implemented for the metadata payload.

aliyun-adb-mysql