alibabacloud-quickbi-smartq

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_EXFILTRATION]: The skill manages configuration and trial identification within a local hidden directory (~/.qbi/). It communicates exclusively with Alibaba Cloud domains (aliyun.com and its subdomains), which are consistent with the skill's authorship and purpose.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute local utilities like libreoffice for Word document conversion, Node.js for parsing dashboard JSON, and system browsers (Chrome/Edge) for generating chart screenshots. These operations use hardcoded or system-resolved paths and are used for their intended analytical purposes.
  • [DYNAMIC_EXECUTION]: The skill includes a mechanism for checking dashboard updates by running a local Python check. This is used to maintain data integrity and is restricted to local script execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-uploaded documents (Excel, PDF, Word) and API responses. While this presents a standard data-processing attack surface, the skill implements specific routing logic and relies on the platform's underlying security boundaries for execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 02:38 AM