aliyun-pentesting
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific commands to use the Aliyun 'RunCommand' API to execute arbitrary shell scripts on ECS instances (e.g., `aliyun ecs RunCommand --CommandContent "id; cat /etc/shadow"`).
- [DATA_EXFILTRATION]: Includes instructions for recursively downloading entire OSS buckets and searching through cloud logs for sensitive information such as passwords, tokens, and API keys.
- [CREDENTIALS_UNSAFE]: Details the process for harvesting temporary security credentials (STS) from the Aliyun-specific metadata endpoint (100.100.100.200) and provides patterns for locating sensitive local files like SSH keys and configuration secrets.
- [EXTERNAL_DOWNLOADS]: Recommends downloading and installing third-party exploitation tools from unverified external GitHub repositories, such as the Cloud Exploitation Framework (cf).
- [REMOTE_CODE_EXECUTION]: Provides a methodology for creating 'privileged' Kubernetes pods in ACK clusters that mount the host root filesystem, enabling container escape and host takeover.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection (Category 8) as it instructs the agent to ingest and process untrusted external data (logs, user-data, OSS objects) without implementing boundary markers or sanitization to prevent embedded malicious instructions.
Recommendations
- AI detected serious security threats