skills/aliyun/alibabacloud-aiops-skills/alibabacloud-cloudfw-vpc-firewall-diagnosis/Gen Agent Trust Hub
alibabacloud-cloudfw-vpc-firewall-diagnosis
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs read-only cloud diagnostics using the Bash tool to run Alibaba Cloud CLI queries and local scripts. These commands are restricted to informational API calls.
- [COMMAND_EXECUTION]: The script scripts/closure_precheck.py uses subprocess.run with shell=False. This implementation prevents shell injection vulnerabilities by passing command arguments as a list rather than a single string.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from cloud API responses and local JSON files. While this represents a surface for indirect prompt injection (Category 8), the risk is addressed through structured data handling and the read-only scope of the agent's actions. Evidence: ingestion of API results in scripts/closure_precheck.py and JSON files in scripts/analyze_routes.py.
- [COMMAND_EXECUTION]: A PreToolUse hook (scripts/check-write-operation.sh) is implemented to filter shell commands. It enforces a strict whitelist of read-only patterns and requires user confirmation for any unrecognized commands, preventing unauthorized resource modifications.
Audit Metadata