alibaba-cloud
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official Membrane CLI tool (@membranehq/cli) from the npm registry, which is a trusted vendor resource for this skill.
- [COMMAND_EXECUTION]: The skill uses the membrane command-line tool to manage cloud connections and execute actions, involving shell command execution for authentication and resource management.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from Alibaba Cloud services.
- Ingestion points: Data returned from action execution via the membrane CLI in SKILL.md.
- Boundary markers: None provided to separate untrusted cloud data from agent instructions.
- Capability inventory: The agent can execute and create actions that interact with cloud infrastructure.
- Sanitization: No explicit sanitization of cloud service outputs is mentioned in the instructions.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill follows security best practices for credential management by delegating auth to a managed platform.
Audit Metadata