alibabacloud-pai-resource-group-management

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust confirmation gate mechanism for all mutating actions (create, update, delete). The agent is strictly forbidden from executing these commands in the same turn as the user request, requiring a separate message from the user with a literal token like "CONFIRM <RG_NAME>".
  • [SAFE]: A mandatory "--cli-dry-run" is required before any confirmation prompt is issued for update or delete operations, ensuring the user can preview the resolved request payload.
  • [SAFE]: High-risk billing-impacting commands, such as MachineGroup deletion, are explicitly identified and forbidden to prevent accidental capacity loss or unintended financial consequences.
  • [COMMAND_EXECUTION]: The skill manages Alibaba Cloud resources through the official "aliyun" CLI, enforcing the use of unique "--user-agent" session headers for auditable command tracking.
  • [EXTERNAL_DOWNLOADS]: Instructions for the Aliyun CLI installation point to official, well-known, and trusted vendor sources on GitHub and Alibaba Cloud's documentation portal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:00 AM
Security Audit — agent-trust-hub — alibabacloud-pai-resource-group-management