alibabacloud-security-vuln-coverage-check

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands (grep, sed) using parameters derived from user input.
  • Evidence: Step 3 defines commands like grep -E '|<CVE-ID>|' references/coverage-data.md where <CVE-ID> is substituted with user input.
  • Risk: This pattern creates a command injection vulnerability. If a user provides an identifier containing shell metacharacters (e.g., backticks, pipes, or semicolons), they could potentially execute arbitrary commands on the host environment.
  • [PROMPT_INJECTION]: The skill uses extremely forceful, absolute constraints to define its operational boundaries and output format.
  • Evidence: Instructions such as "STOP immediately," "The template IS the complete answer; appending anything makes it wrong," and "FORBIDDEN: Never include raw CSV data" are used to override the agent's default conversational behavior.
  • Risk: While used here for professional tone and data minimization, these directives are examples of meta-instructions that attempt to bypass the model's standard response logic.
  • [DATA_EXFILTRATION]: The skill is designed for high-security environments and handles vulnerability metadata locally.
  • Evidence: The skill explicitly forbids network access ("No network access") and searching external sources ("FORBIDDEN: Never include raw CSV data... Do NOT fall back to web searches").
  • Context: This is a positive security control aimed at preventing the exfiltration of the bundled database or the inclusion of untrusted external information.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 08:41 AM
Security Audit — agent-trust-hub — alibabacloud-security-vuln-coverage-check