alibabacloud-ehpc-instant-job-skill

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the aliyun CLI and official Python SDK to perform cloud resource management tasks such as creating, querying, and deleting compute jobs. These operations are essential to the skill's primary function and are implemented using secure coding patterns.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official Aliyun CLI binary and its associated SHA256 checksum from Aliyun's trusted content delivery network (alicdn.com). These downloads are verified for integrity as part of the setup process.
  • [PROMPT_INJECTION]: The skill was analyzed for indirect prompt injection risks due to its handling of user-provided metadata like job names and descriptions.
  • Ingestion points: Environment variables and command-line arguments (e.g., JOB_NAME, JOB_DESCRIPTION) used in scripts/cli/create_container_job.sh and scripts/sdk/delete_jobs.py.
  • Boundary markers: The skill requires explicit manual confirmation from the user after displaying a configuration summary before any resource creation or deletion occurs.
  • Capability inventory: Lifecycle management of high-performance computing resources via the ehpcinstant Aliyun API service.
  • Sanitization: The skill incorporates dedicated validation libraries (_lib_validate.py and _lib_validate.sh) that enforce strict regex whitelists and filter out dangerous characters (quotes, backslashes, control characters), effectively mitigating command and JSON injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:47 AM
Security Audit — agent-trust-hub — alibabacloud-ehpc-instant-job-skill