aliyun-dns
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The
scripts/aliyun-dns.shfile contains aurlencodefunction that unsafely interpolates shell variables into a Python command string. The implementationpython3 -c "... '''$1''' ..."is vulnerable to injection if the variable$1contains triple single quotes ('''), allowing an attacker to execute arbitrary Python code.\n- Remote Code Execution (MEDIUM): This vulnerability is exposed to remote data because theurlencodefunction processes DNS record values and names which may be fetched from external sources (Alibaba Cloud API). A malicious record could trigger the vulnerability during routine management tasks.\n- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted data from cloud DNS records without sufficient isolation or sanitization.\n - Ingestion points: DNS record names (RR), types, and values processed in
scripts/aliyun-dns.sh.\n - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the record data.\n
- Capability inventory: File system access and command execution via
curlandpython3subprocesses.\n - Sanitization: The skill's primary sanitization mechanism (
urlencode) is itself flawed and permits code injection.
Audit Metadata