amazon aurora dsql
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes bash scripts in the 'scripts/' directory for high-impact infrastructure operations, such as 'create-cluster.sh' and 'delete-cluster.sh', as well as 'psql-connect.sh' for generating IAM authentication tokens.
- [COMMAND_EXECUTION]: The 'transact' tool executes raw SQL statements. The documentation explicitly notes that parameterized queries are not available, shifting the responsibility for SQL injection prevention to manual string sanitization by the AI agent.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists via tools that ingest untrusted data from external sources.
- Ingestion points: Results from 'readonly_query' and content from 'dsql_read_documentation'.
- Boundary markers: None identified in the provided instructions for delimiting external data.
- Capability inventory: Database modification via 'transact' and infrastructure management via the provided CLI scripts.
- Sanitization: The instructions mandate that the agent use regex, allowlists, and quote escaping for manual input sanitization.
- [EXTERNAL_DOWNLOADS]: The skill references code samples from the official 'aws-samples/aurora-dsql-samples' GitHub repository and official AWS documentation, which are well-known and trusted sources.
Audit Metadata