alibabacloud-sms-send-short-message

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions to install or update the aliyun CLI by fetching a script from Alibaba Cloud's official CDN (aliyuncli.alicdn.com) and piping it to bash. This is a standard installation procedure for the vendor's own tooling.
  • [COMMAND_EXECUTION]: The skill executes the aliyun CLI and provides a wrapper script (scripts/send_sms.sh) to simplify operations. The script incorporates security best practices, such as using shell arrays to prevent command injection and implementing validation functions for phone numbers, signature names, and template codes.
  • [PROMPT_INJECTION]: The instructions include defensive prompts that require the agent to obtain explicit user confirmation before sending messages, forbid the fabrication of signatures or templates, and mandate the masking of sensitive PII in outputs.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential handling by explicitly advising users against hardcoding AccessKeys and recommending the use of environment variables or instance RAM roles.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 06:24 PM
Security Audit — agent-trust-hub — alibabacloud-sms-send-short-message