alibabacloud-sls-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls aliyun sls get-index (Step 1) and aliyun sls get-logs-v2 (Step 5) in SKILL.md to fetch Logstore index configuration and log data—these are user-generated, untrusted inputs that the agent must read and which directly influence mode selection, statement construction, and subsequent CLI actions, creating a clear path for indirect prompt injection.