aws-well-architected-review
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands through the `Bash` tool to interact with the AWS CLI. The analysis confirms that these commands are exclusively read-only (`Describe`, `Get`, `List`) operations. The skill includes a robust security feature in `credential-boundary.md` and `SKILL_EN.md` that explicitly validates the current IAM credentials and halts execution if write or administrative permissions (e.g., `Create`, `Delete`, `Update`, `*`) are detected.
- [EXTERNAL_DOWNLOADS]: The skill references other repositories and skills within the `aws-samples` GitHub organization. These are used for installation instructions and integration (e.g., `npx skills add aws-samples/...`). Since `aws-samples` is the skill's authoring organization and a well-known vendor, these references are considered legitimate and safe.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data from the AWS environment, specifically resource names, tags, and metadata (e.g., EC2 instance names, VPC tags) using various `aws` CLI commands.
  - Boundary markers: The skill does not employ specific delimiters or markers to neutralize instructions that might be embedded in AWS resource metadata.
  - Capability inventory: The skill has the capability to execute shell commands (`Bash`) and write files (`Write`) to the local filesystem for reporting.
  - Sanitization: The `scripts/generate-html-report.py` script performs basic Markdown-to-HTML conversion using regex but does not perform HTML entity encoding or robust sanitization on the ingested resource names. This creates a surface for Cross-Site Scripting (XSS) if a report is generated for an environment containing malicious resource names (e.g., an EC2 instance tagged with a script tag). This is a low-risk finding associated with report generation.
Audit Metadata