alibabacloud-ram-permission-diagnose

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION  PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to transcribe values from error messages (like EncodedDiagnosticMessage) and interpolate them directly into bash commands (e.g., aliyun ram DecodeDiagnosticMessage --EncodedDiagnosticMessage "<transcribed-value>"). This pattern creates a command injection vulnerability if the error source (e.g., a resource name or mock service) is controlled by an attacker who can inject shell metacharacters into the transcribed fields.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted error data and local reference files to influence agent behavior.
      * Ingestion points: Raw error fields from Alibaba Cloud API responses (SKILL.md) and permission hint files (references/ram-policies.md) read from the project directory.
      * Boundary markers: None are defined to separate untrusted error data from agent instructions during transcription or analysis.
      * Capability inventory: The agent has access to the Bash tool to execute aliyun CLI commands and is authorized to perform privileged RAM policy modifications (SKILL.md, references/ram-policies.md).
      * Sanitization: There is no evidence of sanitization, validation, or escaping of the parsed error fields before they are interpolated into tool calls or reasoning prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 01:41 AM