alibabacloud-ecs-code-deploy

Warn

Audited by Snyk on May 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running install/upgrade commands that may overwrite /usr/local/bin (requiring sudo), deleting local directories (rm -rf ~/.aliyun/appmanager-venv and ./.appmanager), and modifying user shell configs (append PATH), all of which alter the host system state and can be destructive or require elevated privileges.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 29, 2026, 07:52 AM
Issues
3
Security Audit — snyk — alibabacloud-ecs-code-deploy