alibabacloud-terraform-import

Warn

Audited by Snyk on Jun 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime installation step that downloads and extracts a remote binary via curl (https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz), which would fetch and install executable code the skill then runs (aliyun CLI) and is a required dependency—so it executes remote code at runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs running privileged installation steps (e.g., "sudo mv aliyun /usr/local/bin/" and notes Terraform installation requiring root), which asks the agent to perform system-level changes requiring sudo and can modify the machine's state.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 03:27 PM
Issues
2
Security Audit — snyk — alibabacloud-terraform-import