alibabacloud-lindorm-agent-skill

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements strong security guardrails by explicitly instructing the agent never to read, print, or request AccessKey credentials. It directs users to secure configuration methods outside the chat session.
  • [PROMPT_INJECTION]: The skill includes instructions to the agent to prioritize information from the provided reference documents over its internal training data. This is a standard grounding technique for domain-specific knowledge retrieval skills.
  • [EXTERNAL_DOWNLOADS]: Installation instructions in the reference documents point to binary downloads for the Aliyun CLI and Lindorm tools from domains like aliyuncli.alicdn.com and aliyuncs.com. These are official vendor domains and are recognized as safe sources for these tools.
  • [COMMAND_EXECUTION]: The skill provides numerous command examples for resource management, monitoring, and connectivity testing using the aliyun CLI and curl. It mandates user confirmation for all configurable parameters (such as region and instance ID) before execution to prevent accidental or unauthorized actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:28 PM
Security Audit — agent-trust-hub — alibabacloud-lindorm-agent-skill