alibabacloud-history-lock-diagnose
Fail
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a remote installation script for the Aliyun CLI (
https://aliyuncli.alicdn.com/setup.sh). Although the source is a vendor-owned domain, the provided command uses a piped execution pattern (curl | bash). - [COMMAND_EXECUTION]: The diagnostic script
scripts/smart-lock-diagnosis.pyusessubprocess.runto perform system operations. The skill instructions specifically direct the agent not to read the script's code before execution, which prevents verification of how user-provided parameters likeBlockedSQLandInstanceIdare sanitized before being used in shell commands. - [DATA_EXFILTRATION]: The skill is designed to query and display database audit logs through the
hdm:GetDasSQLLogHotDataaction. This exposes sensitive information, such as database query history and schema details, to the agent's context. - [PROMPT_INJECTION]: The skill processes SQL audit data which constitutes untrusted input. The automated processing of these logs by a script with execution capabilities provides a surface for indirect prompt injection if malicious SQL is present in the logs.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata