alibabacloud-polardb-mysql-sql-lint

Fail

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes a configuration script from the vendor's official CDN (https://aliyuncli.alicdn.com/setup.sh) via a shell pipe.\n- [COMMAND_EXECUTION]: The scripts/sql_lint.py script constructs and executes shell commands using subprocess.run with shell=True. User-supplied SQL input is placed directly into these command strings in the diagnose_sql and diagnose_multiple functions, providing an injection vector.\n- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of the Aliyun CLI and required plugins from vendor-owned domains during the initialization and diagnostic phases.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 6, 2026, 02:35 AM
Security Audit — agent-trust-hub — alibabacloud-polardb-mysql-sql-lint