alibabacloud-sms-send-short-message
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to install or update the
aliyunCLI by fetching a script from Alibaba Cloud's official CDN (aliyuncli.alicdn.com) and piping it to bash. This is a standard installation procedure for the vendor's own tooling. - [COMMAND_EXECUTION]: The skill executes the
aliyunCLI and provides a wrapper script (scripts/send_sms.sh) to simplify operations. The script incorporates security best practices, such as using shell arrays to prevent command injection and implementing validation functions for phone numbers, signature names, and template codes. - [PROMPT_INJECTION]: The instructions include defensive prompts that require the agent to obtain explicit user confirmation before sending messages, forbid the fabrication of signatures or templates, and mandate the masking of sensitive PII in outputs.
- [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential handling by explicitly advising users against hardcoding AccessKeys and recommending the use of environment variables or instance RAM roles.
Audit Metadata