aws-cloudformation

The skill presents a coherent purpose-strength alignment: it is a guidance-focused wrapper around an external AWS provisioning plugin. However, the footprint raises notable security concerns: reliance on an unverifiable third-party plugin, potential credential handling unknowns, and supply-chain risk. The absence of explicit credential management, per-action consent controls, and provenance verification makes the deployment path potentially unsafe in untrusted contexts. Given these signals, the skill should be classified as SUSPICIOUS with elevated scrutiny for supply-chain integrity and credential handling, rather than clearly benign.