aws-cli

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The script scripts/aws-profile-manager.sh contains a function show_profile_info that uses awk to extract and print the raw contents of the user's AWS credentials file (~/.aws/credentials). This exposes sensitive aws_access_key_id and aws_secret_access_key to the agent's context and logs.
  • Persistence Mechanisms (HIGH): The script scripts/aws-profile-manager.sh includes a function set_default_profile that appends export commands to ~/.bashrc and ~/.zshrc. This modifies the user's environment permanently across sessions.
  • External Downloads (LOW): references/AWS-CLI-BEST-PRACTICES.md contains instructions to download the AWS CLI v2 from awscli.amazonaws.com. While the installation uses sudo, the source is a trusted official provider.
  • Indirect Prompt Injection (LOW): The skill is designed to interact with AWS logs and resources.
    • Ingestion points: Untrusted data enters the agent context through aws logs tail and aws logs filter-log-events.
    • Boundary markers: Delimiters or 'ignore embedded instructions' warnings are absent.
    • Capability inventory: Full AWS CLI access and shell script execution across multiple scripts.
    • Sanitization: Escaping or validation of log content is absent, creating a surface where malicious log entries could influence the agent's subsequent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 07:02 AM