alibabacloud-lindorm-agent-skill
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements strong security guardrails by explicitly instructing the agent never to read, print, or request AccessKey credentials. It directs users to secure configuration methods outside the chat session.
- [PROMPT_INJECTION]: The skill includes instructions to the agent to prioritize information from the provided reference documents over its internal training data. This is a standard grounding technique for domain-specific knowledge retrieval skills.
- [EXTERNAL_DOWNLOADS]: Installation instructions in the reference documents point to binary downloads for the Aliyun CLI and Lindorm tools from domains like
aliyuncli.alicdn.comandaliyuncs.com. These are official vendor domains and are recognized as safe sources for these tools. - [COMMAND_EXECUTION]: The skill provides numerous command examples for resource management, monitoring, and connectivity testing using the
aliyunCLI andcurl. It mandates user confirmation for all configurable parameters (such as region and instance ID) before execution to prevent accidental or unauthorized actions.
Audit Metadata