aws-sdk-java-v2-messaging
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill documentation describes patterns for consuming messages from SQS and SNS, which are entry points for untrusted external data.
- Ingestion points: Documented in
references/detailed-sqs-operations.mdandreferences/spring-boot-integration.mdthrough the use ofsqsClient.receiveMessage(). - Boundary markers: Not applicable to these code snippets.
- Capability inventory: The skill uses tools like
Bash,Write, andEditas listed in the frontmatter. - Sanitization: The author explicitly includes a safety warning in the 'Constraints and Warnings' section of
SKILL.md, stating that users must validate and sanitize message body content as it may contain untrusted payloads. - [CREDENTIALS_UNSAFE]: The skill provides instructions for configuring AWS credentials via environment variables.
- Evidence:
SKILL.mdcontains shell commands likeexport AWS_ACCESS_KEY_ID=your-access-key. - Assessment: These are standard setup instructions using recognizable placeholders ('your-access-key', 'your-secret-key') and do not contain hardcoded secrets or sensitive information.
Audit Metadata