atmos-stores
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by providing functions to read data from external stores (AWS SSM, Redis, etc.) and interpolate it into stack configurations and Go templates.
- Ingestion points: External data enters the agent context via the
!storeand!store.getYAML functions defined inSKILL.md. - Boundary markers: No boundary markers or explicit instructions are present to delimit untrusted external content from the agent's internal logic.
- Capability inventory: Data retrieved from external stores is used to drive Terraform variable configuration and lifecycle hooks (
after-terraform-apply). - Sanitization: There is no evidence of validation or sanitization of external data before it is interpolated into the configuration pipeline.
Audit Metadata