Skills
skills/aws-samples/sample-agent-skills-for-builders/aws-cdk-development/Gen Agent Trust Hub

aws-cdk-development

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install development dependencies such as cdk-nag from public registries and references official AWS documentation and repositories for configuration.
  • [COMMAND_EXECUTION]: The skill includes a validation script (scripts/validate-stack.sh) that identifies project types and executes cdk synth. It also has permissions to run several CLI tools, including cdk, npm, npx, and aws, which execute code and commands based on the contents of the local project directory.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes untrusted data from the local project environment to provide guidance and validation.
  • Ingestion points: The agent reads local files like package.json, requirements.txt, and CloudFormation templates in cdk.out/.
  • Boundary markers: No delimiters or instructions are used to distinguish data from potential instructions within the ingested files.
  • Capability inventory: The skill can execute shell commands (cdk, npm, aws) and read project files.
  • Sanitization: Content read from local files is not sanitized before being processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 09:27 AM