ali-billing-query

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes the official DuckDB installation script from https://install.duckdb.org using a shell pipe.
  • [COMMAND_EXECUTION]: Utilizes shell commands to run the duckdb CLI and various system utilities such as head, wc, and cat for data processing.
  • [DATA_EXFILTRATION]: Retrieves sensitive Aliyun billing information from an external StarRocks database and exports the results to local CSV files.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads and analyzes records from a billing database.
  • Ingestion points: Data enters the agent's context through query results exported to CSV files from the v_bill_ali_detail table.
  • Boundary markers: There are no instructions or delimiters defined to prevent the agent from obeying commands that could be embedded within the billing data.
  • Capability inventory: The skill performs shell-based operations using the duckdb binary and standard utilities like cat, head, and wc (SKILL.md).
  • Sanitization: The skill does not implement sanitization or validation for the data retrieved from the database before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://install.duckdb.org - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 16, 2026, 04:12 AM