alibabacloud-waf-bot-management

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the official Alibaba Cloud CLI (aliyun) to execute OpenAPI commands for WAF management. This includes querying instance status, creating defense templates, and binding resources. All commands are documented for traceability using a specific user-agent string.
  • [EXTERNAL_DOWNLOADS]: The skill performs maintenance of the execution environment by running aliyun plugin update. This fetches updates from official Alibaba Cloud repositories.
  • [PROMPT_INJECTION]: The skill ingests untrusted user data such as domain names, industry scenarios, and API paths, which are then used as arguments in shell commands executed via the aliyun CLI. This creates a potential surface for indirect prompt injection.
  • Ingestion points: User information collected in the 'Input Collection' section of SKILL.md.
  • Boundary markers: None present in the prompt interpolation templates.
  • Capability inventory: Broad access to WAF configuration, logging, and address book management through the aliyun CLI (detailed across all files).
  • Sanitization: The skill does not explicitly instruct the agent to sanitize or validate the format of the provided domain names or paths before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:28 PM
Security Audit — agent-trust-hub — alibabacloud-waf-bot-management