skills/jeremylongshore/claude-code-plugins-plus-skills/lambda-function-generator/Gen Agent Trust Hub
lambda-function-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): This skill has a high vulnerability surface for Indirect Prompt Injection due to the combination of processing external requests and having powerful write/execute capabilities.
- Ingestion points: Processes user requests and potentially external content for "lambda function generator" tasks.
- Boundary markers: None present in the SKILL.md to delimit untrusted input from instructions.
- Capability inventory: Possesses Bash(aws:*), Write, Edit, and Read permissions.
- Sanitization: No sanitization or validation logic is defined to prevent the execution of malicious commands or generation of backdoored code.
- [COMMAND_EXECUTION] (MEDIUM): The skill configuration explicitly enables Bash tools with broad AWS access (aws:*). While necessary for the stated purpose, this provides a powerful vector for cloud resource abuse if the agent is misled by a malicious prompt.
Recommendations
- AI detected serious security threats
Audit Metadata