yunxiao
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data and possesses significant write capabilities.
  * Ingestion points: Data enters the agent context via 'git remote get-url' (cheatsheet.md) and various 'aliyun devops' query commands that fetch task, repository, and merge request details.
  * Boundary markers: Absent. No instructions are provided to the agent to delimit or ignore instructions embedded within retrieved data.
  * Capability inventory: The skill can perform impactful write operations including 'CreateMergeRequest', 'UpdateWorkitemField', and 'CreateTag'.
  * Sanitization: Absent. The skill does not prescribe any validation or sanitization of content retrieved from the Cloud API before using it in logic.
- [Command Execution] (MEDIUM): The skill relies on executing system commands ('aliyun', 'git', 'jq') where arguments are derived from external API outputs, creating a risk if those outputs contain malicious payloads.
- [External Downloads] (LOW): The skill instructs users to download and install tools like 'aliyun-cli' and 'jq' via Homebrew.
Recommendations
- AI detected serious security threats
Audit Metadata