skills/aliyun/alibabacloud-aiops-skills/alibabacloud-security-vuln-coverage-check/Gen Agent Trust Hub
alibabacloud-security-vuln-coverage-check
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands (
grep,sed) using parameters derived from user input. - Evidence: Step 3 defines commands like
grep -E '|<CVE-ID>|' references/coverage-data.mdwhere<CVE-ID>is substituted with user input. - Risk: This pattern creates a command injection vulnerability. If a user provides an identifier containing shell metacharacters (e.g., backticks, pipes, or semicolons), they could potentially execute arbitrary commands on the host environment.
- [PROMPT_INJECTION]: The skill uses extremely forceful, absolute constraints to define its operational boundaries and output format.
- Evidence: Instructions such as "STOP immediately," "The template IS the complete answer; appending anything makes it wrong," and "FORBIDDEN: Never include raw CSV data" are used to override the agent's default conversational behavior.
- Risk: While used here for professional tone and data minimization, these directives are examples of meta-instructions that attempt to bypass the model's standard response logic.
- [DATA_EXFILTRATION]: The skill is designed for high-security environments and handles vulnerability metadata locally.
- Evidence: The skill explicitly forbids network access ("No network access") and searching external sources ("FORBIDDEN: Never include raw CSV data... Do NOT fall back to web searches").
- Context: This is a positive security control aimed at preventing the exfiltration of the bundled database or the inclusion of untrusted external information.
Audit Metadata