spaces
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The management scripts
scripts/_lib.shandscripts/rotate_spaces_key.shoutput newly generated Spaces access and secret keys directly to the console. While intended to allow users to save the one-time secret, this behavior exposes credentials to the AI agent's output buffer and potential platform logs. - Evidence:
echo "Access Key: $access_key"andecho "Secret Key: $secret_key"inscripts/_lib.sh(line 186-187) andscripts/rotate_spaces_key.sh(line 52-53). - [COMMAND_EXECUTION]: The documentation and troubleshooting guides recommend using
sudofor administrative operations, including tool installation and system clock synchronization. - Evidence:
sudo ./aws/installinreference/aws-cli-operations.mdandsudo ntpdate pool.ntp.orginreference/troubleshooting.md. - [PROMPT_INJECTION]: The script
scripts/view_access_logs.shdownloads and searches through S3-compatible access logs. This creates an indirect prompt injection surface where malicious data in the logs could potentially influence the agent's behavior during log analysis. - Ingestion points:
scripts/view_access_logs.sh(reading from bucket viaaws s3 syncat line 104). - Boundary markers: Absent; log data is processed without delimiters or instructions to ignore embedded content.
- Capability inventory: Shell command execution (
grepat line 108), network operations (aws s3 sync). - Sanitization: No sanitization or content validation is performed on the downloaded log files before processing.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the AWS CLI and syncing data from DigitalOcean Spaces endpoints. These operations target well-known and trusted infrastructure.
- Evidence:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"inreference/aws-cli-operations.md.
Audit Metadata