eventbridge-rule-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists of a single markdown file containing metadata and descriptive text. No scripts, binaries, or other executable code are present.
- [COMMAND_EXECUTION] (LOW): The skill metadata requests access to
Bash(aws:*). While no malicious command strings are provided in the skill itself, this grants the agent permission to execute any AWS CLI command. The scope should ideally be narrowed to specific EventBridge actions to follow the principle of least privilege. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. Ingestion points: Reads user requests and potentially external AWS resource data. Boundary markers: Absent; there are no instructions for the agent to ignore instructions embedded in data. Capability inventory: Significant capabilities including
Bash(aws:*),Read,Write, andEdit. Sanitization: Absent; the skill does not instruct the agent to sanitize or validate external data before processing it.
Audit Metadata