The Agent Skills Directory

[Security Configuration Guidance]: The skill provides detailed instructions on implementing least-privilege IAM roles, using AWS Secrets Manager for credential management, and enabling CloudTrail for audit logging. These are industry-standard practices that significantly enhance the security posture of the deployed applications.
[Data Protection Measures]: There is a strong emphasis on protecting sensitive data through KMS encryption at rest and in transit. The skill explicitly warns about the 'PII logging compliance gap' in Guardrails and provides clear remediation steps, which is a proactive security feature.
[Input Validation Practices]: The documentation consistently advises developers to treat all agent-generated parameters and tool inputs as untrusted data. It recommends using Pydantic models or equivalent schema validation before processing inputs in Lambda functions or containers.
[Infrastructure Management]: The skill guides users through building ARM64 containers and deploying them to AgentCore. It includes security-focused Dockerfile examples that use non-root users and multi-stage builds to minimize the attack surface of the resulting images.
[Dependency Management]: The skill references standard AWS SDKs (boto3, @aws-sdk/client-bedrock-runtime) and well-known web frameworks. It correctly identifies the need for recent versions to support specific API features, ensuring that the latest security patches are likely in place.
[Indirect Prompt Injection Surface]: As an AI agent skill that processes data from external sources (S3, SharePoint, etc.), it acknowledges the inherent risk of indirect prompt injection. It mitigates this by teaching the use of 'guardContent' blocks and Bedrock Guardrails to isolate and evaluate untrusted content.

amazon-bedrock