aws-ec2-setup
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The user-data script executed at boot fetches and runs remote code: it runs git clone https://github.com/myorg/myapp.git (followed by npm install, after which systemd starts node index.js), and it uses wget to download https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb, which is then installed. These runtime URLs therefore directly deliver code that is executed.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes user-data and shell commands that modify system files (e.g., writing /etc/systemd/system/myapp.service, running apt-get/dpkg, systemctl commands, and installing agents), which are actions that change machine state and require root privileges, so it could cause the agent to modify the host/system state.