alibabacloud-sysom-diagnosis

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses importlib.import_module() in scripts/sysom_cli/core/registry.py to dynamically load command modules based on directory scanning at runtime. This dynamic loading pattern is used to register diagnostic commands from subdirectories.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes scripts from remote URLs during installation and initialization. In SKILL.md, it downloads an Aliyun CLI setup script from https://aliyuncli.alicdn.com/setup.sh, and in scripts/init.sh, it downloads a package manager installer from https://astral.sh/uv/install.sh. These downloads target the vendor's own infrastructure and a well-known service provider respectively.
  • [COMMAND_EXECUTION]: Multiple scripts execute system commands to collect diagnostic data. scripts/sysom_cli/lib/kernel_log.py executes journalctl and dmesg, while scripts/sysom_cli/memory/lib/classify_engine.py executes ps to sample process memory usage.
  • [CREDENTIALS_UNSAFE]: The skill interacts with local authentication configuration. In scripts/sysom_cli/lib/auth.py and scripts/sysom_cli/configure/command.py, the skill reads and writes to ~/.aliyun/config.json and accesses environment variables like ALIBABA_CLOUD_ACCESS_KEY_ID to manage cloud credentials. It includes guidance to prevent users from sharing secrets directly in chat.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing untrusted external data.
      • Ingestion points: System kernel logs collected in scripts/sysom_cli/lib/kernel_log.py and structured OpenAPI responses processed in scripts/sysom_cli/lib/diagnosis_helper.py.
      • Boundary markers: There are no explicit markers or delimiters used to separate untrusted system data from the agent's instructional context.
      • Capability inventory: The skill has the ability to execute shell commands and perform network operations via the Aliyun SDK.
      • Sanitization: No specific filtering or escaping logic was found for external data before it is presented to the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh, https://aliyuncli.alicdn.com/setup.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 28, 2026, 05:34 AM