alibabacloud-cloudfw-vpc-firewall-diagnosis

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs read-only cloud diagnostics using the Bash tool to run Alibaba Cloud CLI queries and local scripts. These commands are restricted to informational API calls.
  • [COMMAND_EXECUTION]: The script scripts/closure_precheck.py uses subprocess.run with shell=False. This implementation prevents shell injection vulnerabilities by passing command arguments as a list rather than a single string.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from cloud API responses and local JSON files. While this represents a surface for indirect prompt injection (Category 8), the risk is addressed through structured data handling and the read-only scope of the agent's actions. Evidence: ingestion of API results in scripts/closure_precheck.py and JSON files in scripts/analyze_routes.py.
  • [COMMAND_EXECUTION]: A PreToolUse hook (scripts/check-write-operation.sh) is implemented to filter shell commands. It enforces a strict whitelist of read-only patterns and requires user confirmation for any unrecognized commands, preventing unauthorized resource modifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:44 AM
Security Audit — agent-trust-hub — alibabacloud-cloudfw-vpc-firewall-diagnosis