alibabacloud-ecs-patch-management
Fail
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to download and execute an installation script from the official Alibaba Cloud CDN (https://aliyuncli.alicdn.com/setup.sh). This is used to install or update the Aliyun CLI to the required version.
- [COMMAND_EXECUTION]: The skill utilizes a variety of Aliyun CLI commands to interact with OOS (Operation Orchestration Service) and ECS (Elastic Compute Service). It includes logic to manage execution states, poll for status, and capture logs.
- [DATA_EXFILTRATION]: The instructions include strong security guardrails regarding credentials, explicitly forbidding the reading, echoing, or printing of Access Key (AK) or Secret Key (SK) values. It mandates that configuration occur outside the agent session.
- [PROMPT_INJECTION]: The skill incorporates mandatory confirmation steps for all destructive or service-impacting parameters (such as
action=installorrebootIfNeed). It requires explicit affirmative user consent before proceeding with patch installation. - [COMMAND_EXECUTION]: The core workflow includes a shell-based snippet for generating a deterministic
CLIENT_TOKENusingprintf,shasum, andcut. This pattern presents a potential command injection surface in the shell environment where the agent executes commands if user-provided inputs likeinstanceIdsare not properly sanitized or escaped before interpolation into theprintfcommand.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata