aliyun-domain-skill

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The documentation in SKILL.md explicitly directs the agent to execute a command to inspect the .env file: find . -maxdepth 1 -name ".env" -exec cat {} \;. This instruction causes the agent to print highly sensitive credentials, specifically ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET, into the session output and logs.
  • [COMMAND_EXECUTION]: The skill provides Python scripts that execute cloud management operations such as QueryDomainList and UpdateDomainRecord. These administrative capabilities allow for the modification of production DNS infrastructure and account-wide domain enumeration, which could be exploited if malicious inputs are processed.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it processes external data (e.g., domain names, record values) to perform actions on cloud infrastructure without sufficient isolation or sanitization.
      • Ingestion points: Command-line arguments used in scripts/check_domain.py, scripts/describe_domain_records.py, scripts/query_domainlist.py, and scripts/update_domain_record.py.
      • Boundary markers: Not present; the instructions do not define delimiters for user-provided data.
      • Capability inventory: Script execution, network communication with Alibaba Cloud APIs, and modification of cloud resources.
      • Sanitization: None; the provided scripts pass input arguments directly to the Alibaba Cloud SDK without validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 25, 2026, 08:22 AM