Back to skill

Security audit

Alibabacloud Dataworks Data Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Alibaba Cloud DataWorks Data Agent helper, with bounded API instructions and no hidden code, but users should remember that prompts, dataset context, and attached files are sent to the cloud service.

Install only if you intend to use Alibaba Cloud DataWorks Data Agent through aliyun CLI. Review any prompt, dataset identifier, or file path before use, and do not attach secrets, credential files, personal data, or regulated datasets unless your organization has approved that cloud transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill includes an example that attaches a local file via a `file://` URI and sends it to a remote Data Agent, but it does not clearly warn that the file contents will be transmitted off-host to a cloud service. This can lead users to disclose sensitive local data unintentionally, especially because the skill is framed as a routine analysis workflow and encourages file-based prompting.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples explicitly show sending free-form prompt text and local file URIs to a remote Data Agent service without any warning about sensitive data handling, consent, or path exposure. In a skill whose purpose is conversational data analysis, users may reasonably include proprietary datasets or local file references, so the omission increases the risk of unintended exfiltration of sensitive content or metadata to a third-party API.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file-attachment example instructs users to send a local file via a file:// URI to a remote Data Agent service but does not clearly warn that the file’s contents will leave the local environment. This creates a real risk of inadvertent exfiltration of sensitive local data, especially because the skill is explicitly designed for conversational data analysis and users may attach internal business datasets without understanding the transmission boundary.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The dataset-context example passes dataset identifiers and query context to the remote service without warning users that these identifiers and associated context may reveal internal system structure or sensitive business metadata. While less severe than direct file upload, this can still leak information about internal datasets, tenancy, or analysis targets to an external service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.