skills/jeremylongshore/claude-code-plugins-plus-skills/cloudformation-template-creator/Gen Agent Trust Hub
cloudformation-template-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): No override markers, role-play injections, or system prompt extraction patterns were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials (API keys, tokens) or sensitive file paths (~/.aws/credentials, etc.) were found in the manifest.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not define any remote script downloads, package installations, or dynamic code execution patterns.
- Command Execution (SAFE): While the skill is authorized to use Bash tools within the 'aws:*' namespace, this access is appropriate for its stated purpose as an AWS assistant and no malicious commands are pre-defined.
- Indirect Prompt Injection (SAFE): The skill defines an attack surface for processing user templates but contains no logic to execute them unsafely. 1. Ingestion points: User-provided prompts and CloudFormation patterns. 2. Boundary markers: Absent. 3. Capability inventory: Read, Write, Edit, Bash(aws:*). 4. Sanitization: Not applicable as no executable scripts are included.
- No Code (SAFE): The skill consists entirely of metadata (SKILL.md) and does not ship with any external scripts or binaries.
Audit Metadata