alibabacloud-ehpc-instant-job-skill
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
aliyunCLI and official Python SDK to perform cloud resource management tasks such as creating, querying, and deleting compute jobs. These operations are essential to the skill's primary function and are implemented using secure coding patterns. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official Aliyun CLI binary and its associated SHA256 checksum from Aliyun's trusted content delivery network (
alicdn.com). These downloads are verified for integrity as part of the setup process. - [PROMPT_INJECTION]: The skill was analyzed for indirect prompt injection risks due to its handling of user-provided metadata like job names and descriptions.
- Ingestion points: Environment variables and command-line arguments (e.g.,
JOB_NAME,JOB_DESCRIPTION) used inscripts/cli/create_container_job.shandscripts/sdk/delete_jobs.py. - Boundary markers: The skill requires explicit manual confirmation from the user after displaying a configuration summary before any resource creation or deletion occurs.
- Capability inventory: Lifecycle management of high-performance computing resources via the
ehpcinstantAliyun API service. - Sanitization: The skill incorporates dedicated validation libraries (
_lib_validate.pyand_lib_validate.sh) that enforce strict regex whitelists and filter out dangerous characters (quotes, backslashes, control characters), effectively mitigating command and JSON injection risks.
Audit Metadata