Skills
skills/aliyun/alibabacloud-aiops-skills/alibabacloud-pds-multimodal-search/Gen Agent Trust Hub

alibabacloud-pds-multimodal-search

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official Aliyun CLI installation script from the vendor's CDN (https://aliyuncli.alicdn.com/install.sh). This is a standard and expected operation for setting up the required environment.
  • [REMOTE_CODE_EXECUTION]: Executes the Aliyun CLI installation script by piping the download directly to bash. While this pattern is often flagged, in this context, it is the vendor's official installation method for their own infrastructure tool.
  • [COMMAND_EXECUTION]: Interacts with cloud resources by executing aliyun CLI commands and several helper Python scripts for query construction (build_query.py), task polling (pds_poll_processor.py), and result formatting. Command execution within the Python scripts is handled securely using subprocess.run with shell=False and argument lists to prevent shell injection.
  • [PROMPT_INJECTION]: Includes explicit security guidelines that forbid the agent from printing, requesting, or handling Alibaba Cloud AccessKey and SecretKey values in plaintext, directing users to secure configuration methods instead.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:43 PM