lambda
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill demonstrates processing data from external event sources (API Gateway, SQS, S3), which presents a surface for indirect prompt injection if an attacker-controlled event triggers the agent.
- Ingestion points: Lambda 'handler' functions throughout SKILL.md and debugging.md process an 'event' object from untrusted sources.
- Boundary markers: No explicit delimiters or boundary instructions are included in the educational code snippets.
- Capability inventory: The skill allows the agent to create, update, and invoke AWS Lambda functions via the CLI and boto3.
- Sanitization: Input validation and sanitization are not shown in these basic documentation examples.
- Unverifiable Dependencies (SAFE): The skill refers to standard, well-known Python packages for cloud development.
- Evidence: References to boto3, requests, aws-xray-sdk, and aws-lambda-powertools are standard and consistent with the skill's stated purpose.
Audit Metadata