aws-sdk-java-v2-bedrock
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Detected an indirect prompt injection surface because the skill facilitates processing untrusted user data through foundation models.
  - Ingestion points: User-provided prompt strings are passed directly to model invocation methods in SKILL.md and advanced-model-patterns.md.
  - Boundary markers: The SKILL.md warnings section suggests sanitizing inputs as a best practice, but the provided code snippets do not implement automated delimiters or instructions to ignore commands embedded in the input.
  - Capability inventory: The skill uses BedrockRuntimeClient for network-based model invocation and lists Bash as an allowed tool in its metadata.
  - Sanitization: The Java patterns include no programmatic sanitization or validation logic to filter or escape the input data before it reaches the model provider.
Audit Metadata