aliyun-fc-serverless-devs
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
sudofor global installation of the@serverless-devs/sCLI and for subsequent commands. This involves elevated privileges, though a non-sudonpxalternative is also documented. The skill also performs file system operations (e.g.,mkdir,echo,printf) to generate validation markers and artifacts. - [CREDENTIALS_UNSAFE]: The skill provides explicit instructions for configuring Alibaba Cloud credentials, including
AccountID,AccessKeyID, andAccessKeySecret. It demonstrates passing these secrets through CLI arguments and environment variables. While it uses placeholders like<AK>and<SK>, it handles sensitive cloud authentication data. - [EXTERNAL_DOWNLOADS]: The skill fetches the official
@serverless-devs/spackage from the public npm registry. It also references documentation and CNAME targets hosted on official Alibaba Cloud domains (alibabacloud.comandaliyuncs.com), which are well-known services. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-provided inputs for cloud resource configuration and function execution payloads.
- Ingestion points: Untrusted data enters the agent context via CLI event payloads (
s invoke -e) and thes.yamlconfiguration file. - Boundary markers: None identified in the provided CLI command templates.
- Capability inventory: The skill has the capability to execute subprocesses (via
npmand thesCLI) and write to the local file system (viamkdirandecho). - Sanitization: There is no explicit sanitization or validation of user-supplied event data before it is passed to the invocation command.
Audit Metadata