alibabacloud-devops
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches vendor-specific and utility packages (
alibabacloud-devops-mcp-server,mcporter) vianpxfrom a well-known service (Alibaba Cloud NPM mirror). These dependencies are required for the skill's operation and originate from sources associated with the vendor. - [COMMAND_EXECUTION]: Executes shell commands via the Alibaba Cloud CLI and Node.js tools to perform DevOps operations. These actions are aligned with the skill's stated purpose of automating cloud workflows and managing resources.
- [CREDENTIALS_UNSAFE]: Contains explicit security instructions that prohibit the AI from requesting or leaking Personal Access Tokens. It recommends the use of environment variables for secure authentication and includes existence checks that do not print sensitive values.
- [PROMPT_INJECTION]: Ingestion points: User-provided parameters in scenarios (e.g., repositoryId, branch names, work item subjects). Boundary markers: Absent. Capabilities: Shell execution via
aliyunCLI andnpxpackage execution. Sanitization: Not explicitly implemented in the instructions. While this creates a potential surface for indirect prompt injection, it is mitigated by mandatory user confirmation steps for critical operations.
Audit Metadata