diagram-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The tool generate_diagram_and_validate executes the string provided in the python_code parameter. This is a primary RCE vector as the code is interpreted at runtime.
  • [COMMAND_EXECUTION] (HIGH): There is no programmatic restriction on Python imports or functions, allowing an attacker to use modules like os or subprocess to execute shell commands within the interpreter environment.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it transforms user-influenced data into executable code.
    1. Ingestion point: python_code parameter in SKILL.md.
    2. Boundary markers: Absent.
    3. Capability inventory: Full Python code execution via the Bedrock Code Interpreter.
    4. Sanitization: Absent.
    Malicious instructions embedded in user requests or processed data could be used to generate and execute malicious Python code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:03 AM