aliyun-modelstudio-crawl-and-skill
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The workflow executes the
@just-every/crawlpackage usingnpx -y. This downloads and runs external code from a non-trusted scope on the NPM registry at runtime. - [EXTERNAL_DOWNLOADS]: Fetches model documentation from
https://help.aliyun.com/zh/model-studio/modelsduring the crawling step. - [COMMAND_EXECUTION]: Automates a series of shell operations including the installation and execution of Node.js tools, Python scripts for data processing, and filesystem operations like directory creation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data crawled from a public website.
- Ingestion points: The crawler saves external web content into
alicloud-model-studio-models.md, which is then consumed by the processing scripts. - Boundary markers: No explicit delimiters or instructions are used to isolate the crawled content from the agent's logic.
- Capability inventory: The skill possesses the ability to write to the local filesystem and execute shell commands.
- Sanitization: The Python scripts use basic regular expressions to extract data, which does not provide robust protection against malicious payloads embedded in the crawled markdown.
Audit Metadata