cloudwatch-alarm-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted user input to guide AWS configuration tasks without explicit sanitization or boundary markers.
      • Ingestion points: Natural language user requests concerning CloudWatch alarms (SKILL.md).
      • Boundary markers: Absent.
      • Capability inventory: Bash(aws:*), Write, and Edit (SKILL.md).
      • Sanitization: None specified.
  • Command Execution (HIGH): The skill defines Bash(aws:*) in its allowed-tools. This grants the agent the ability to execute any AWS CLI command. When combined with the lack of input validation, this allows for potential execution of unauthorized AWS operations if the agent is manipulated by an adversarial prompt.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:45 AM