alibabacloud-pds-multimodal-search
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Alibaba Cloud CLI installation script and binary packages from the official vendor CDN (aliyuncli.alicdn.com). These resources originate from a well-known service provider.
- [REMOTE_CODE_EXECUTION]: The installation guide provides instructions to execute the vendor's official CLI installation script via a piped bash command. This operation is directed at a trusted vendor source.
- [COMMAND_EXECUTION]: The script
scripts/pds_poll_processor.pyinvokes thealiyunCLI usingsubprocess.runwith a list of arguments andshell=False. This implementation follows security best practices to prevent command injection. - [EXTERNAL_DOWNLOADS]: Utility scripts download analysis results and associated images from signed URLs pointing to Alibaba Cloud storage infrastructure (
aliyuncs.com). - [PROMPT_INJECTION]: The skill processes untrusted data from external files, creating an indirect prompt injection attack surface.
- Ingestion points: Document and video analysis results (summaries, keywords, transcripts) are downloaded and processed by
scripts/doc_analysis_formatter.pyandscripts/video_analysis_formatter.py. - Boundary markers: The scripts do not implement explicit boundary markers or instructions to ignore embedded prompts within the processed content.
- Capability inventory: The skill possesses capabilities for network operations (via the
requestslibrary), shell command execution (via thealiyunCLI inscripts/pds_poll_processor.py), and local file system access. - Sanitization: While content is structured via JSON parsing, the textual content is not subjected to specific sanitization or filtering before being presented to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/install.sh - DO NOT USE without thorough review
Audit Metadata