aws-strands
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs users to install external packages (
strands-agents,strands-agents-tools, and@strands-agents/sdk) that are not from the list of trusted GitHub organizations or repositories. Use of unverified third-party libraries can lead to supply chain attacks.\n- [Indirect Prompt Injection] (LOW): The skill facilitates the creation of agents that process untrusted user input, which could contain malicious instructions.\n - Ingestion points: User input passed to
agent()oragent.run()inSKILL.md.\n - Boundary markers: None present in the provided examples to isolate user input from system instructions.\n
- Capability inventory: The agents utilize tools (like
search_database) and AWS services viaboto3, providing a significant impact surface if the agent is compromised.\n - Sanitization: No input sanitization or validation is demonstrated in the implementation snippets.
Audit Metadata