The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the Alibaba Cloud CLI and its DAS plugin from official Alibaba Cloud domains (aliyuncli.alicdn.com). These are standard installation procedures for the vendor's official tools and do not represent a security risk when used as intended.
[REMOTE_CODE_EXECUTION]: Automated scans detected remote code execution via 'curl | bash' patterns. Analysis confirms these target official Alibaba Cloud installation scripts for the aliyun CLI. This is a common and legitimate deployment method for the tool required by this skill.
[COMMAND_EXECUTION]: The skill uses a bash script (call_yaochi_agent.sh) to wrap the official aliyun CLI 'das' plugin. The script manages API parameters, handles Server-Sent Events (SSE) streaming, and implements retry logic for throttling, which are standard operations for database management assistants.
[CREDENTIALS_UNSAFE]: The skill follows security best practices for credential management. It explicitly instructs users not to hardcode or print Access Key/Secret Key values and relies on the user's pre-existing, secure aliyun CLI configuration or OAuth sessions.
[DATA_EXFILTRATION]: No suspicious data exfiltration patterns were detected. Network communication is limited to official Alibaba Cloud API endpoints (das.cn-shanghai.aliyuncs.com) for the purpose of database diagnostics.
[PROMPT_INJECTION]: The instructions do not contain attempts to override system safety guidelines or extract sensitive prompt data. It includes clear boundaries for parameter confirmation.

alibabacloud-polardbx-ai-assistant