The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains several phrases commonly associated with prompt injection (e.g., 'Ignore all previous instructions', 'You are now in admin mode'). However, these are part of a robust 'Prompt Injection Resistance' section that explicitly instructs the agent to REFUSE such commands and treat them as plain text. This is a defensive security feature, not a vulnerability.
[COMMAND_EXECUTION]: The skill uses the official 'aliyun' CLI tool for cluster management. It includes a dedicated 'Input Validation' section with specific rules to prevent shell injection, such as prioritizing JSON string parameters and validating user-provided strings (ClusterName, Description, etc.) against allow-lists and regex patterns.
[EXTERNAL_DOWNLOADS]: The skill explicitly prohibits downloading or executing external scripts, dependencies, or unaudited content via tools like 'curl', 'wget', 'pip', or 'npm'. All operations are restricted to the official Alibaba Cloud OpenAPI via the local CLI.
[DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill uses standard authentication via the 'aliyun' CLI profile and limits network operations to official vendor endpoints.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted user input (like cluster names or descriptions) but mitigates this surface by instructing the agent to validate input formats and treat embedded instructions as plain text.
[REMOTE_CODE_EXECUTION]: The skill includes strong prohibitions against executing code from remote URLs or using dangerous functions like 'eval' or 'source' on external content.

alibabacloud-emr-cluster-manage