sqs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (SAFE): No direct prompt injection patterns, role-play overrides, or instructions to bypass safety guidelines were found.
- [Data Exposure & Exfiltration] (SAFE): The skill uses placeholder AWS account IDs (123456789012) and queue names. No hardcoded credentials or sensitive local file path accesses were detected.
- [Indirect Prompt Injection] (LOW): The skill demonstrates ingesting untrusted data from external message queues.
- Ingestion points: untrusted data enters the agent context via
sqs.receive_message(SKILL.md) and the Lambdaevent['Records']handler. - Boundary markers: Absent; message bodies are parsed directly using
json.loads()without delimiters or 'ignore' instructions. - Capability inventory: The skill includes AWS CLI commands and
boto3calls for queue management and message deletion. - Sanitization: Absent; external content is processed as-is from the queue body.
- [Unverifiable Dependencies] (SAFE): The skill references
boto3, a standard and trusted AWS library. No remote code downloads or execution from untrusted sources are present.
Audit Metadata