alibabacloud-dms-skill
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs the user to download and execute an installation script (https://aliyuncli.alicdn.com/setup.sh) from the vendor domain aliyuncli.alicdn.com. Whatever that script contains at fetch time runs with the installing user's privileges.
- [COMMAND_EXECUTION]: The skill invokes local shell scripts that call the Alibaba Cloud CLI (aliyun-cli) against the DMS API and execute SQL statements through it.
- [PROMPT_INJECTION]: The skill accepts user-supplied SQL statements and database search keywords and forwards them to shell scripts, which makes the data it reads back (query results, database names) a surface for indirect prompt injection.
  1. Ingestion points: database search keywords and SQL statements are supplied by the user and passed as parameters to the shell scripts.
  2. Boundary markers: the instructions require the agent to confirm all parameters, and every write operation, with the user before execution.
  3. Capability inventory: the skill can execute SQL queries and search for database identifiers using aliyun-cli.
  4. Sanitization: the bash scripts check the length of input parameters and apply a regular expression that restricts search keywords to alphanumeric characters and common symbols. The regular expression applies to the keyword only; the SQL statement is constrained by length, so the confirmation step in item 2 is the control on what SQL actually runs.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
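The shell below is an added example and is not code from the alibabacloud-dms-skill repository or from Alibaba Cloud. It shows the controls the analysis describes (a length cap and an allow-list on the search keyword, and a confirmation gate that separates read-only SQL from write statements and rejects stacked statements and comment markers), and, for the installer recommendation, a pinned-digest check that runs a downloaded setup.sh only after it has been reviewed and its SHA-256 recorded. The limits, the verb lists, the hypothetical DMS_DB_NAME value and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the skill's own scripts). Runs under plain sh; no bash-only syntax.
# Assumed limits: tune to what the DMS API actually accepts.
MAX_KEYWORD_LEN=64
MAX_SQL_LEN=4096

# Database search keyword: non-empty, length-capped, only [A-Za-z0-9_.-].
# A case glob is used instead of a bash regex so this also works in dash/busybox sh.
validate_keyword() {
  kw=$1
  [ -n "$kw" ] || return 1
  [ "${#kw}" -le "$MAX_KEYWORD_LEN" ] || return 1
  case "$kw" in
    *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Classify one SQL statement before it reaches the CLI. Prints:
#   run     - read-only statement, may be executed
#   confirm - write statement, the agent must confirm with the user first
#   reject  - too long, stacked statements, comment markers, or unknown leading keyword
# Conservative by design: a legitimate '--' inside a string literal is also rejected.
classify_sql() {
  sql=$1
  [ "${#sql}" -le "$MAX_SQL_LEN" ] || { echo reject; return 1; }
  sql=${sql%;}                      # tolerate one trailing semicolon
  case "$sql" in
    *';'*|*'--'*|*'/*'*|*'#'*) echo reject; return 1 ;;
  esac
  # First token of the first non-blank line, upper-cased.
  verb=$(printf '%s\n' "$sql" | awk 'NF { print toupper($1); exit }')
  case "$verb" in
    SELECT|SHOW|DESCRIBE|DESC|EXPLAIN) echo run; return 0 ;;
    INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|TRUNCATE|GRANT|REVOKE) echo confirm; return 2 ;;
    *) echo reject; return 1 ;;
  esac
}

# SHA-256 of a file using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{ print $1 }'
  else
    openssl dgst -sha256 "$1" | awk '{ print $NF }'
  fi
}

# True only if the file matches the digest recorded when it was reviewed.
check_pinned_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# Replacement for "download and run": fetch to disk, compare against the pinned
# digest, and execute only on a match. PINNED_SHA256 is a placeholder; record the
# real value after reading the script you downloaded.
install_reviewed() {
  file=${1:-./setup.sh}
  pinned=${2:-$PINNED_SHA256}
  check_pinned_sha256 "$file" "$pinned" || {
    echo "refusing to run $file: digest does not match the reviewed copy" >&2
    return 1
  }
  sh "$file"
}

# Gate used by a hypothetical wrapper around the skill's scripts.
# Usage: gate_request <keyword> <sql>   (DMS_DB_NAME is an assumed variable name)
gate_request() {
  validate_keyword "$1" || { echo "reject: bad keyword" >&2; return 1; }
  decision=$(classify_sql "$2")
  echo "$decision"
  [ "$decision" != reject ]
}
```

Run `gate_request prod_orders 'select id from t limit 10'` to see `run`; a `DELETE` prints `confirm` and the caller must stop for user confirmation; `select 1; drop table t` prints `reject` and returns non-zero. For the installer, download setup.sh to a file, read it, record `sha256_of ./setup.sh`, and pass that value to `install_reviewed` instead of piping the download into a shell.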
Audit Metadata