iot-cloud
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes telemetry and registry data from external IoT devices, which could contain malicious instructions.
  - Ingestion points: The skill handles telemetry streams and device shadow/twin updates from external edge devices connected to AWS, GCP, or Azure (referenced in 'Key Capabilities' and 'Integration Notes').
  - Boundary markers: There are no instructions or patterns provided to encapsulate or ignore potentially malicious content within the device data payloads.
  - Capability inventory: The skill has the ability to execute cloud CLI commands and SDK methods (boto3) to provision resources and route data based on these external inputs.
  - Sanitization: No data validation or sanitization logic is suggested for the incoming IoT device messages.