react-native-kms-module
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes arbitrary string inputs for encryption and decryption, establishing a potential surface for indirect prompt injection if the output is later consumed by an LLM.
- Ingestion points: Data enters the skill context through the
plainTextparameter in theencryptfunction and thecipherTextparameter in thedecryptfunction. - Boundary markers: No specific delimiters or instructions (e.g., 'treat this as untrusted data') are suggested in the usage examples to isolate these inputs from the agent's instructions.
- Capability inventory: The skill is limited to calling AWS KMS cryptographic APIs; it does not demonstrate capabilities for shell execution, subprocess spawning, or dynamic script evaluation.
- Sanitization: There is no evidence of input validation or sanitization to prevent malicious instruction embedding within the encrypted or decrypted payloads.
- [EXTERNAL_DOWNLOADS]: The skill requires an external Node.js library to function.
- Evidence: References the
@boostbrothers/react-native-aws-kmspackage. - Context: The package is provided by the recognized vendor (boostbrothers) and is treated as a trusted dependency for the skill's intended purpose.
- [DATA_EXFILTRATION]: The skill performs network operations to reach AWS infrastructure.
- Evidence: The
initfunction configures communication with AWS KMS endpoints based on the provided region. - Status: This is part of the core functionality; no unauthorized data transfer to non-whitelisted or suspicious domains was identified.
- [CREDENTIALS_UNSAFE]: The skill's initialization method handles sensitive AWS access keys.
- Evidence: The API includes parameters for
accessKey,secretKey, andsessionToken. - Mitigation: The documentation provides a clear security warning against hardcoding secrets in source code and recommends using dynamic identity providers or STS tokens instead.
Audit Metadata