aliyun-cli-manage
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the official Alibaba Cloud CLI binary from
https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz. This is a standard operation for installing the required tooling from the official vendor distribution channel. - [COMMAND_EXECUTION]: The skill uses a Python script (
scripts/ensure_aliyun_cli.py) to execute thealiyunbinary for version checking and resource management. It also provides instructions for configuring cloud credentials and performing operations on cloud resources. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. * Ingestion points: Data enters the agent context via the output of the
aliyunCLI and thescripts/ensure_aliyun_cli.pystate file. * Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt templates. * Capability inventory: The skill can execute shell commands via the CLI, write to the local file system, and perform network operations via the CLI. * Sanitization: The skill uses standard CLI parameter passing but does not explicitly sanitize the content of the cloud resource data being queried.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz - DO NOT USE without thorough review
Audit Metadata