aws-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill explicitly references sensitive local file paths ~/.aws/credentials and ~/.aws/config. An agent utilizing this skill could be induced to read or upload these files to an external service, leading to immediate account compromise.
  • COMMAND_EXECUTION (HIGH): The skill provides instructions for administrative actions such as aws iam create-access-key and aws iam attach-user-policy, which can be leveraged to escalate privileges or create persistent backdoors. It also includes commands to open security groups to the entire internet (0.0.0.0/0).
  • DATA_EXFILTRATION (MEDIUM): Commands for S3 data transfer (aws s3 sync, aws s3 cp) and pre-signed URL generation (aws s3 presign) provide the capability to move large amounts of local or cloud data to external locations without oversight.
  • INDIRECT PROMPT INJECTION (HIGH): Per Category 8 analysis: (1) Ingestion points include aws lambda invoke payloads, S3 object content, and CloudWatch logs; (2) No boundary markers are defined; (3) Capabilities are Tier: HIGH (infrastructure modification, IAM control, code execution via Lambda); (4) No sanitization or validation of external data is present, making the agent highly vulnerable to instructions embedded in processed AWS data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:55 AM