iam-policy-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to review IAM policies, which are untrusted data sources that can contain malicious instructions intended to manipulate the agent.
- Ingestion points: Processes IAM policy JSON/YAML files (implied by the purpose of an iam-policy-reviewer).
- Boundary markers: Absent. The skill provides no instructions to separate untrusted policy content from agent instructions.
- Capability inventory: Granted high-privilege tools including
Bash,Write,Edit, andRead. - Sanitization: None. There is no evidence of sanitization or validation of the input content before processing.
- [Command Execution] (MEDIUM): The explicit allowance of the
Bashtool provides a mechanism for arbitrary code execution on the host system if the agent is successfully influenced by malicious data within the policies it reviews.
Recommendations
- AI detected serious security threats
Audit Metadata