alicloud-data-analytics-dataanalysisgbi

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill instructions in SKILL.md explicitly direct the agent to access ~/.alibabacloud/credentials to obtain authentication secrets. While this is the standard location for Alibaba Cloud credentials, accessing such sensitive local files is flagged as a high-risk operation, downgraded to medium here as it is essential for the skill's primary purpose.
  • External Downloads (LOW): The script scripts/list_openapi_meta_apis.py performs network requests to api.aliyun.com to fetch API metadata. This domain is not included in the trusted source whitelist.
  • Indirect Prompt Injection (LOW): The skill exhibits an indirect prompt injection surface by ingesting untrusted external data.
      • Ingestion points: scripts/list_openapi_meta_apis.py fetches JSON metadata from api.aliyun.com and saves it to the output/ directory.
      • Boundary markers: Absent. There are no instructions or delimiters to prevent the agent from following malicious instructions potentially embedded in the downloaded metadata.
      • Capability inventory: The agent is intended to perform resource management tasks, including state-changing operations like Create, Update, and Delete on Alibaba Cloud services.
      • Sanitization: None. The script directly writes the retrieved JSON payload to disk without validation or sanitization.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 12:33 PM