aliyun-hbr-backup
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access highly sensitive credential locations, specifically environment variables (`ALICLOUD_ACCESS_KEY_ID`, `ALICLOUD_ACCESS_KEY_SECRET`) and the shared configuration file at `~/.alibabacloud/credentials`. Accessing these files is a form of data exposure, although it is consistent with the primary purpose of managing Alibaba Cloud resources.
- [EXTERNAL_DOWNLOADS]: The script `scripts/list_openapi_meta_apis.py` performs network requests to `api.aliyun.com` to fetch OpenAPI documentation. This is a well-known and official service for Alibaba Cloud metadata.
- [PROMPT_INJECTION]: The skill processes external JSON data from `api.aliyun.com` to discover available APIs. This creates a surface for indirect prompt injection if the remote data source were compromised to include instructions targeting the agent.
  - Ingestion points: API metadata fetched by `scripts/list_openapi_meta_apis.py` from `api.aliyun.com` is used to inform the agent of available service operations.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious content within the fetched metadata.
  - Capability inventory: The skill possesses the capability to execute shell commands (`python`, `mkdir`) and is designed to perform cloud resource modifications (create, update, modify) via the Alibaba Cloud SDK based on the ingested metadata.
  - Sanitization: The metadata parsing script extracts API names and schemas into documentation files without sanitizing the content for potential injection patterns.
- [COMMAND_EXECUTION]: The skill involves executing local Python scripts and standard shell commands for resource management and setup, such as directory creation and script compilation.
Audit Metadata