alibabacloud-oos-template-generation

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install or update the Aliyun CLI using a shell script fetched from https://aliyuncli.alicdn.com/setup.sh and piped directly to bash. This script originates from the official vendor domain.
  • [COMMAND_EXECUTION]: The workflow involves executing local shell commands such as aliyun oos list-actions and aliyun oos validate-template-content to interact with Alibaba Cloud services and verify generated templates. It also utilizes system utilities like cat, curl, and jq for file operations and metadata retrieval.
  • [EXTERNAL_DOWNLOADS]: The skill downloads API metadata and parameter definitions from https://api.aliyun.com and the CLI installation package from https://aliyuncli.alicdn.com. Both are official Aliyun (Alibaba Cloud) domains.
  • [CREDENTIALS_UNSAFE]: The instructions contain clear security rules against reading, printing, or hardcoding Access Keys (AK) or Secret Keys (SK), directing users to configure them outside the session or via environment variables.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user O&M requirements to generate automation templates. These templates are subsequently written to a temporary file and passed as arguments to a CLI validation command. While this represents a potential injection surface where malicious input could influence command execution, it is consistent with the skill's intended functionality for code generation and testing.
  • Ingestion points: SKILL.md (Workflow Step 2 Subtask 1)
  • Boundary markers: Absent
  • Capability inventory: aliyun CLI (oos validate-template-content), cat, curl
  • Sanitization: Absent
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:28 PM
Security Audit — agent-trust-hub — alibabacloud-oos-template-generation