aws-ses-inbound
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes several
awsCLI commands to manage SES and SNS resources. These operations are directly aligned with the stated purpose of the skill and do not involve suspicious command chaining or hidden payloads. - [EXTERNAL_DOWNLOADS] (SAFE): The documentation suggests installing the AWS CLI via
piporbrew. These are trusted sources and standard tools for AWS infrastructure management, satisfying the [TRUST-SCOPE-RULE]. - [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) This skill configures an infrastructure that ingests untrusted data from external emails. While the skill itself is safe, the resulting system has a surface for indirect prompt injection if a downstream agent processes the raw MIME content without sanitization.
- Ingestion points: Amazon SES receives inbound emails from the public internet (SKILL.md, Step 5).
- Boundary markers: None specified for the email content handling.
- Capability inventory: The skill configures AWS services using the
awsCLI but does not execute logic on the received data itself. - Sanitization: The skill advises using a parser (e.g.,
mailparser) but does not provide or implement sanitization logic for the content.
Audit Metadata