alibabacloud-waf-bot-management
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the official Alibaba Cloud CLI (
aliyun) to execute OpenAPI commands for WAF management. This includes querying instance status, creating defense templates, and binding resources. All commands are documented for traceability using a specific user-agent string. - [EXTERNAL_DOWNLOADS]: The skill performs maintenance of the execution environment by running
aliyun plugin update. This fetches updates from official Alibaba Cloud repositories. - [PROMPT_INJECTION]: The skill ingests untrusted user data such as domain names, industry scenarios, and API paths, which are then used as arguments in shell commands executed via the
aliyunCLI. This creates a potential surface for indirect prompt injection. - Ingestion points: User information collected in the 'Input Collection' section of SKILL.md.
- Boundary markers: None present in the prompt interpolation templates.
- Capability inventory: Broad access to WAF configuration, logging, and address book management through the
aliyunCLI (detailed across all files). - Sanitization: The skill does not explicitly instruct the agent to sanitize or validate the format of the provided domain names or paths before interpolation.
Audit Metadata