alibabacloud-devops

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the alibabacloud-devops-mcp-server package from the public npm registry using npx. This package is a vendor-aligned resource intended to facilitate communication with Alibaba Cloud services.
  • [COMMAND_EXECUTION]: The instructions and configuration utilize shell execution via npx and mcporter to initialize the MCP server and invoke various DevOps tools.
  • [DATA_EXFILTRATION]: The skill processes project data and code content from the Yunxiao platform. While it requires a YUNXIAO_ACCESS_TOKEN, the environment variable configuration follows standard security practices for credential management, and no hardcoded secrets were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from external sources such as source code files (get_file_blobs), merge request comments (list_change_request_comments), and work item details.
  • Ingestion points: get_file_blobs, list_change_request_comments, get_work_item, get_pipeline_job_run_log (SKILL.md).
  • Boundary markers: No explicit instruction-ignoring delimiters are defined in the tool descriptions.
  • Capability inventory: The skill has extensive write and execution capabilities, including file creation/modification (create_file, update_file) and pipeline triggering (create_pipeline_run, execute_pipeline_job_run).
  • Sanitization: No specific sanitization or validation of the ingested content is mentioned before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 08:34 AM
Security Audit — agent-trust-hub — alibabacloud-devops