alibabacloud-oos-template-generation
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install or update the Aliyun CLI using a shell script fetched from
https://aliyuncli.alicdn.com/setup.shand piped directly tobash. This script originates from the official vendor domain. - [COMMAND_EXECUTION]: The workflow involves executing local shell commands such as
aliyun oos list-actionsandaliyun oos validate-template-contentto interact with Alibaba Cloud services and verify generated templates. It also utilizes system utilities likecat,curl, andjqfor file operations and metadata retrieval. - [EXTERNAL_DOWNLOADS]: The skill downloads API metadata and parameter definitions from
https://api.aliyun.comand the CLI installation package fromhttps://aliyuncli.alicdn.com. Both are official Aliyun (Alibaba Cloud) domains. - [CREDENTIALS_UNSAFE]: The instructions contain clear security rules against reading, printing, or hardcoding Access Keys (AK) or Secret Keys (SK), directing users to configure them outside the session or via environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user O&M requirements to generate automation templates. These templates are subsequently written to a temporary file and passed as arguments to a CLI validation command. While this represents a potential injection surface where malicious input could influence command execution, it is consistent with the skill's intended functionality for code generation and testing.
- Ingestion points: SKILL.md (Workflow Step 2 Subtask 1)
- Boundary markers: Absent
- Capability inventory: aliyun CLI (oos validate-template-content), cat, curl
- Sanitization: Absent
Audit Metadata