aliyun-fc-serverless-devs

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo for global installation of the @serverless-devs/s CLI and for subsequent commands. This involves elevated privileges, though a non-sudo npx alternative is also documented. The skill also performs file system operations (e.g., mkdir, echo, printf) to generate validation markers and artifacts.
  • [CREDENTIALS_UNSAFE]: The skill provides explicit instructions for configuring Alibaba Cloud credentials, including AccountID, AccessKeyID, and AccessKeySecret. It demonstrates passing these secrets through CLI arguments and environment variables. While it uses placeholders like <AK> and <SK>, it handles sensitive cloud authentication data.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official @serverless-devs/s package from the public npm registry. It also references documentation and CNAME targets hosted on official Alibaba Cloud domains (alibabacloud.com and aliyuncs.com), which are well-known services.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-provided inputs for cloud resource configuration and function execution payloads.
  • Ingestion points: Untrusted data enters the agent context via CLI event payloads (s invoke -e) and the s.yaml configuration file.
  • Boundary markers: None identified in the provided CLI command templates.
  • Capability inventory: The skill has the capability to execute subprocesses (via npm and the s CLI) and write to the local file system (via mkdir and echo).
  • Sanitization: There is no explicit sanitization or validation of user-supplied event data before it is passed to the invocation command.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:23 AM
Security Audit — agent-trust-hub — aliyun-fc-serverless-devs