alibabacloud-analyticdb-postgresql-ai-coaching-best-practice

Fail

Audited by Snyk on Apr 29, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to request, generate, record, and embed sensitive passwords (ManagerAccountPassword, NamespacePassword, AccountPassword) verbatim into CLI commands and outputs (e.g., --account-password '<...>'), which requires the LLM to handle and emit secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Core Workflow (Step 7 "Upload Domain Knowledge Documents" in SKILL.md) explicitly instructs the agent to fetch and ingest user- or public-hosted documents via aliyun gpdb upload-document-async --file-url (arbitrary URLs), and Step 8 then uses those ingested documents in ChatWithKnowledgeBase RAG queries, meaning untrusted third‑party content can directly influence agent behavior and subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill requires Aliyun CLI >=3.3.1 and the installation guide instructs downloading executable archives from https://aliyuncli.alicdn.com/ (e.g., aliyun-cli--latest-.tgz/.zip), which fetches remote executable code that would be installed and executed to run the skill.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 29, 2026, 10:20 AM
  • Issues: 3