alibabacloud-emas-apm-remotelog

Fail

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes a shell script directly via curl ... | bash from https://aliyuncli.alicdn.com/setup.sh. This is a vendor-provided resource for the Alibaba Cloud CLI. While this pattern is generally high-risk, the domain is identified as a legitimate resource for the skill's author ('aliyun').
  • [COMMAND_EXECUTION]: The skill performs several command-line operations, including installing the aliyun-cli-emas-appmonitor plugin and configuring the CLI. The documentation in references/cli-installation-guide.md mentions using sudo to move binaries to system paths, which is a standard installation procedure.
  • [PROMPT_INJECTION]: The skill processes log data retrieved from mobile applications through the search-tlog API. This establishes an indirect prompt injection surface where external, potentially untrusted content from end-user devices is brought into the agent's execution context.
  • Ingestion points: Output from the aliyun emas-appmonitor search-tlog command as described in SKILL.md.
  • Boundary markers: None identified; log messages are not delimited or flagged to prevent the agent from interpreting embedded text as instructions.
  • Capability inventory: The skill has the capability to execute a variety of CLI commands and perform network operations via the Alibaba Cloud API.
  • Sanitization: There is no evidence of sanitization or filtering applied to the log messages before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 6, 2026, 02:35 AM
Security Audit — agent-trust-hub — alibabacloud-emas-apm-remotelog