alibabacloud-polardb-mysql-sql-lint
Fail
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes a configuration script from the vendor's official CDN (https://aliyuncli.alicdn.com/setup.sh) via a shell pipe.\n- [COMMAND_EXECUTION]: The scripts/sql_lint.py script constructs and executes shell commands using subprocess.run with shell=True. User-supplied SQL input is placed directly into these command strings in the diagnose_sql and diagnose_multiple functions, providing an injection vector.\n- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of the Aliyun CLI and required plugins from vendor-owned domains during the initialization and diagnostic phases.
Recommendations
- HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata