alibabacloud-ecs-patch-management

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to download and execute an installation script from the official Alibaba Cloud CDN (https://aliyuncli.alicdn.com/setup.sh). This is used to install or update the Aliyun CLI to the required version.
  • [COMMAND_EXECUTION]: The skill utilizes a variety of Aliyun CLI commands to interact with OOS (Operation Orchestration Service) and ECS (Elastic Compute Service). It includes logic to manage execution states, poll for status, and capture logs.
  • [DATA_EXFILTRATION]: The instructions include strong security guardrails regarding credentials, explicitly forbidding the reading, echoing, or printing of Access Key (AK) or Secret Key (SK) values. It mandates that configuration occur outside the agent session.
  • [PROMPT_INJECTION]: The skill incorporates mandatory confirmation steps for all destructive or service-impacting parameters (such as action=install or rebootIfNeed). It requires explicit affirmative user consent before proceeding with patch installation.
  • [COMMAND_EXECUTION]: The core workflow includes a shell-based snippet for generating a deterministic CLIENT_TOKEN using printf, shasum, and cut. This pattern presents a potential command injection surface in the shell environment where the agent executes commands if user-provided inputs like instanceIds are not properly sanitized or escaped before interpolation into the printf command.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-ecs-patch-management