alibabacloud-emas-apm-query

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's functionality is consistent with its stated purpose of assisting in mobile application diagnostics using official vendor-provided tools and infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing the official Aliyun CLI and the emas-appmonitor plugin from aliyuncli.alicdn.com. These downloads originate from the vendor's verified domains and well-known infrastructure, which are considered safe according to established trust rules.
  • [COMMAND_EXECUTION]: The skill utilizes shell scripts (list_top_issues.sh and dig_issue.sh) to execute aliyun CLI commands. These scripts include robust validation for all input parameters, including numeric type checking, set inclusion tests, and regex-based format verification for identifiers like DigestHash, effectively preventing command injection vulnerabilities.
  • [DATA_EXFILTRATION]: The skill queries application performance monitoring data, such as stack traces, exception messages, and event logs, from the Alibaba Cloud backend via the official CLI. This data is used solely for generating local diagnostic reports as intended. The skill includes explicit best-practice guidance to prevent the logging or printing of sensitive credentials like Access Keys.
  • [PROMPT_INJECTION]: The skill processes external data (stack traces and logs from the APM service) that could potentially contain untrusted content. Ingestion points include the Backtrace and EventLog fields processed by dig_issue.sh. To mitigate potential indirect injection risks, the skill uses markdown code blocks as boundary markers in the generated reports, limits its capabilities to local reporting and source code searching (rg), and utilizes jq for basic data sanitization and escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 03:15 AM