aws-lambda-functions
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of well-known utility libraries including 'lodash', 'axios', and 'moment' from the official npm registry for use in Lambda layers.
- [COMMAND_EXECUTION]: Includes automated and manual instructions to execute AWS CLI commands and Terraform scripts for provisioning cloud resources, specifically IAM roles ('aws iam create-role') and permission policies required for serverless deployments.
- [PROMPT_INJECTION]: The example code in 'references/lambda-function-with-nodejs.md' exposes an indirect prompt injection surface by processing untrusted data from external AWS event sources.
- Ingestion points: Untrusted data enters the agent-provided template via 'event.body' and 'event.Records' fields.
- Boundary markers: The code lacks explicit delimiters or instructions to prevent the underlying model or application from misinterpreting event data as commands.
- Capability inventory: The provided script demonstrates capabilities for console logging and simulated database interaction based on the input payload.
- Sanitization: The example performs basic JSON parsing but does not implement validation or sanitization of the incoming event content.
Audit Metadata