alibabacloud-emas-apm-remotelog
Fail
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes a shell script directly via
curl ... | bashfromhttps://aliyuncli.alicdn.com/setup.sh. This is a vendor-provided resource for the Alibaba Cloud CLI. While this pattern is generally high-risk, the domain is identified as a legitimate resource for the skill's author ('aliyun'). - [COMMAND_EXECUTION]: The skill performs several command-line operations, including installing the
aliyun-cli-emas-appmonitorplugin and configuring the CLI. The documentation inreferences/cli-installation-guide.mdmentions usingsudoto move binaries to system paths, which is a standard installation procedure. - [PROMPT_INJECTION]: The skill processes log data retrieved from mobile applications through the
search-tlogAPI. This establishes an indirect prompt injection surface where external, potentially untrusted content from end-user devices is brought into the agent's execution context. - Ingestion points: Output from the
aliyun emas-appmonitor search-tlogcommand as described inSKILL.md. - Boundary markers: None identified; log messages are not delimited or flagged to prevent the agent from interpreting embedded text as instructions.
- Capability inventory: The skill has the capability to execute a variety of CLI commands and perform network operations via the Alibaba Cloud API.
- Sanitization: There is no evidence of sanitization or filtering applied to the log messages before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata