The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the official aliyun CLI tool to manage cloud resources. Mutating operations such as creating projects or resetting passwords require explicit user confirmation before the command is executed.
[DATA_EXFILTRATION]: The skill uses official APIs like get-supabase-project-api-keys to retrieve sensitive information. The instructions direct the agent to return these keys to the user, which is part of the intended project management functionality but involves handling sensitive secrets.
[EXTERNAL_DOWNLOADS]: The installation guide references downloads for the Aliyun CLI from aliyuncli.alicdn.com, which is an official vendor domain.
[PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes data from CLI outputs (e.g., project status, names, and IDs) to drive its logic. No specific boundary markers or sanitization procedures are implemented to mitigate the risk of malicious metadata in the cloud environment. Evidence: Ingestion points in SKILL.md (list-supabase-projects, get-supabase-project); Capability inventory in SKILL.md (mutating project operations); Sanitization and boundary markers are absent.
[NO_CODE]: The skill documentation references several automation scripts in a scripts/ directory (e.g., generate-project-name.sh, generate-password.py) that are not included in the provided package, which could lead to execution errors or require the agent to generate code dynamically.

alibabacloud-analyticdb-postgresql-supabase-ops