Skills
skills/cinience/alicloud-skills/aliyun-sls-log-query/Gen Agent Trust Hub

aliyun-sls-log-query

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the official aliyun-log-python-sdk from a public package registry. This is a well-known library for interacting with Alibaba Cloud services.
  • [COMMAND_EXECUTION]: Provides Python scripts (query_logs.py and troubleshoot.py) that perform network requests to official Alibaba Cloud SLS endpoints to retrieve log data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external source (Alibaba Cloud SLS logs).
  • Ingestion points: The fetch_logs function in both scripts/query_logs.py and scripts/troubleshoot.py retrieves log entries via the Alibaba Cloud SDK.
  • Boundary markers: Log content is processed and displayed as JSON objects without explicit delimiters or instructions to the agent to ignore any embedded commands within the log fields.
  • Capability inventory: The skill utilizes network capabilities to fetch data but does not contain local file-writing or system-level execution capabilities that could be triggered by the ingested data.
  • Sanitization: No sanitization or filtering is applied to the log content before it is presented to the agent for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 12:42 PM