huawei-cloud-network-query

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: scripts/ensure_env.py runs system commands as root via sudo on Linux (sudo apt update, sudo apt install) to refresh package repositories and install system-level dependencies. A skill that needs root for setup puts the whole host, not just the agent's working directory, in scope of any bug or tampering in that script.
  • [REMOTE_CODE_EXECUTION]: scripts/ensure_env.py downloads get-pip.py from external URLs (bootstrap.pypa.io, with mirrors.huaweicloud.com as a mirror) and executes it with the Python interpreter to install package-management tools. No checksum or signature of the downloaded script is checked before it runs, so whatever the server (or anyone who can intercept the connection) returns is executed.
  • [EXTERNAL_DOWNLOADS]: scripts/ensure_env.py disables certificate verification process-wide by reassigning ssl._create_default_https_context to ssl._create_unverified_context, and scripts/config.py disables it for the cloud SDK with ignore_ssl_verification = True. Every HTTPS connection the skill makes, including the get-pip.py download above and all Huawei Cloud API calls, can therefore be intercepted and modified by an on-path attacker (MITM). Combined with the unverified download, this amounts to arbitrary code execution on the host from the network position.
  • [COMMAND_EXECUTION]: scripts/ensure_env.py calls os.execv to replace the current process with a new Python interpreter from the virtual environment it just created. Process replacement means nothing after that call in the original script ever runs, and the rest of the skill executes under the interpreter and packages installed by the steps above.
  • [COMMAND_EXECUTION]: The environment setup script uses subprocess.run to invoke system package managers (winget, apt, yum, dnf, brew) to install the Python interpreter and required system tools.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection:
      • Ingestion points: Data entering the agent context includes resource names, descriptions, and metadata queried from Huawei Cloud APIs across all scripts in the scripts/ directory.
      • Boundary markers: Absent. No delimiters or instructions to ignore embedded commands are used when displaying cloud resource data.
      • Capability inventory: The skill can execute shell commands (subprocess.run), write to the filesystem (venv creation), and perform broad network requests via the SDK.
      • Sanitization: Absent. Cloud API responses are printed directly to the output without filtering or escaping potentially malicious strings.
Recommendations
  • AI detected serious security threats; the skill fails the audit as submitted.
  • Re-enable TLS verification: remove the ssl._create_default_https_context override in scripts/ensure_env.py and set ignore_ssl_verification to False in scripts/config.py, so both the get-pip.py download and the cloud API calls authenticate the server.
  • Verify get-pip.py before executing it: pin its SHA-256 (or vendor a reviewed copy with the skill) so a tampered mirror or intercepted download fails rather than runs.
  • Do not run sudo package installs from an automated setup script; document the required system packages and leave their installation to the operator.
  • Wrap every cloud API field in explicit untrusted-data boundary markers and strip control and zero-width characters before it enters the agent context, and narrow the shell, filesystem and network capabilities available to the agent while that data is in context.
Audit Metadata
Risk Level: HIGH
Analyzed: Jun 17, 2026, 09:10 AM