alibabacloud-pai-dlc-job

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Alibaba Cloud CLI from official vendor domains. These are trusted sources for the author 'aliyun'.
  • Evidence: references/cli-installation-guide.md contains download links such as https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz and https://aliyuncli.alicdn.com/aliyun-cli-windows-latest-amd64.zip for binary installation.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the aliyun CLI to manage cloud resources, including job creation, deletion, and system configuration.
  • Evidence: SKILL.md and references/verification-method.md include numerous command examples like aliyun pai-dlc create-job and aliyun configure set --auto-plugin-install true.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and processes external data such as pod logs and job events, which could contain malicious instructions.
  • Ingestion points: Data enters the context via aliyun pai-dlc get-pod-logs and aliyun pai-dlc get-job-events.
  • Boundary markers: None identified; output is directly presented to the agent context.
  • Capability inventory: The skill has high-privilege capabilities including resource creation and lifecycle management (stop-job, update-job) via the Aliyun CLI.
  • Sanitization: No explicit sanitization or filtering of log/event content is performed before the agent processes the output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-pai-dlc-job