The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses Grep and Glob to search for specific configuration patterns (e.g., MultiAZ, AutoScaling) within user-provided local files to automate assessment answers. This behavior is well-scoped to the tool's primary function.
[DATA_EXFILTRATION]: There are no network tools (like curl or fetch) allowed in the allowed-tools configuration. No hardcoded credentials, API keys, or patterns suggesting the unauthorized transmission of data to external endpoints were detected.
[PROMPT_INJECTION]: The instructions do not contain any directives meant to subvert safety guidelines or override the agent's core behavioral constraints. The prompts are strictly task-oriented, guiding the user through a structured maturity model.
[EXTERNAL_DOWNLOADS]: References to external resources are limited to official AWS documentation and GitHub repositories within the aws-samples organization, which is a recognized and expected source for this type of utility.
[INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data as it processes user-provided documents and code.
Ingestion points: Technical documents and IaC files analyzed in SKILL_EN.md Step 3.1 using the Read and Grep tools.
Boundary markers: The instructions do not define explicit delimiters for the content of read files.
Capability inventory: Includes Read, Write, Grep, and Glob permissions.
Sanitization: The skill uses the ingested data for internal classification and scoring rather than immediate code execution or shell interpolation.

rma-assessment-assistant