template-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted CloudFormation templates (template.yaml) and possesses command execution capabilities (aws, cfn-lint, taskcat). Malicious instructions embedded in template fields like 'Description' or metadata could influence the agent's next steps or decision-making. * Ingestion points: template.yaml, .taskcat.yml. * Boundary markers: Absent. * Capability inventory: aws cloudformation, cfn-lint, taskcat, pip install, gem install. * Sanitization: None.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill performs runtime installation of third-party packages (cfn-lint, taskcat, cfn-nag) using pip and gem. While cfn-lint and taskcat are reputable, installation without version pinning and at runtime presents a supply chain risk.
- COMMAND_EXECUTION (LOW): The skill relies on executing multiple system commands (AWS CLI, linters, and testers) to perform its stated purpose, which increases the potential impact of other vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata