aws-agentic-ai

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection surface identified. Ingestion points: The skill describes using the 'Browser' service for web scraping and the 'Gateway' service for converting REST APIs to tools, both of which ingest untrusted content into the agent context. Boundary markers: No instructions for delimiting or ignoring embedded commands within external data are present. Capability inventory: The skill enables high-privilege operations including 'Code Interpreter' (serverless code execution), 'Identity' (credential and API key management), and 'Gateway' (outbound REST API calls). Sanitization: There is no mention of sanitizing or validating external content before processing.
  • [COMMAND_EXECUTION] (MEDIUM): The skill facilitates the use of the 'Code Interpreter' service. While intended for sandboxed execution, this provides a powerful execution primitive that could be exploited if an attacker successfully injects instructions via the browser or gateway ingestion points.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:09 PM