Skills
skills/aws-samples/sample-agent-skills-for-builders/create-install-scripts/Gen Agent Trust Hub

create-install-scripts

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/setup-cicd.sh creates an IAM role and attaches the AdministratorAccess managed policy to it. This grants the CodeBuild project full administrative permissions over the AWS account for deployment purposes. While the script includes a warning for production environments, this remains a high-privilege operation.
  • [COMMAND_EXECUTION]: The skill generates and facilitates the execution of local shell scripts like install.sh and setup-cicd.sh. These scripts use the AWS CLI to modify cloud resources and perform deployment tasks.
  • [EXTERNAL_DOWNLOADS]: In references/common-pitfalls.md, the skill provides instructions for downloading the AWS CLI v2 installer directly from awscli.amazonaws.com and executing it with root privileges using sudo.
  • [PROMPT_INJECTION]: The skill defines a workflow to analyze the CDK project structure to generate tailored scripts. This represents an indirect prompt injection surface where malicious content within local project files could influence the agent's logic during script generation. No explicit boundary markers or sanitization logic are defined for this ingestion point.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 06:49 AM