alibabacloud-history-lock-diagnose

Fail

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references a remote installation script for the Aliyun CLI (https://aliyuncli.alicdn.com/setup.sh). Although the source is a vendor-owned domain, the provided command uses a piped execution pattern (curl | bash).
  • [COMMAND_EXECUTION]: The diagnostic script scripts/smart-lock-diagnosis.py uses subprocess.run to perform system operations. The skill instructions specifically direct the agent not to read the script's code before execution, which prevents verification of how user-provided parameters like BlockedSQL and InstanceId are sanitized before being used in shell commands.
  • [DATA_EXFILTRATION]: The skill is designed to query and display database audit logs through the hdm:GetDasSQLLogHotData action. This exposes sensitive information, such as database query history and schema details, to the agent's context.
  • [PROMPT_INJECTION]: The skill processes SQL audit data which constitutes untrusted input. The automated processing of these logs by a script with execution capabilities provides a surface for indirect prompt injection if malicious SQL is present in the logs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 22, 2026, 08:40 AM
Security Audit — agent-trust-hub — alibabacloud-history-lock-diagnose