aliyun-cli
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is entirely composed of shell command templates for the
aliyunCLI to manage cloud infrastructure, including ECS instances, OSS storage, and DNS records. - [CREDENTIALS_UNSAFE]: The skill provides instructions for configuring AccessKey IDs and Secrets (
aliyun configure set). It also includes commands to retrieve SSL private keys (aliyun cas GetUserCertificateDetail), which outputs sensitive credential data to the shell context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: User-provided inputs are used for command parameters such as
--domain-name,--instance-id, and object paths in OSS. - Boundary markers: No delimiters or safety instructions are used to distinguish between command structure and user-supplied data.
- Capability inventory: The skill possesses extensive capabilities including instance deletion (
ecs DeleteInstance), DNS record modification (alidns update-domain-record), and file deletion/upload in OSS (oss rm/cp). - Sanitization: There is no evidence of input validation or shell escaping provided in the command templates.
Audit Metadata