aliyun-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (LOW): The skill workflow runs a local validation script with the command 'python3 scripts/validate_json.py'. This is a standard utility for verifying the schema of the generated execution plan.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user queries and references several external knowledge base files to map intents and entities.
  - Ingestion points: Reference files 'references/意图分类词典库.md', 'references/实体知识库.md', 'references/关系知识库.md', and 'references/API操作映射库.md'.
  - Boundary markers: Absent. The skill does not explicitly instruct the model to ignore potential prompt injection patterns within these reference files.
  - Capability inventory: Subprocess execution (python3) and generation of administrative cloud commands (Aliyun CLI).
  - Sanitization: None described in the provided markdown.