route53-record-manager
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process external user requests regarding Route53 configuration and possesses the capability to execute side-effecting commands on cloud infrastructure. This creates an exploitation surface where malicious input could trick the agent into deleting records, creating unauthorized entries, or exfiltrating AWS environment metadata.
- Ingestion points: User-provided strings describing Route53 records and AWS patterns (SKILL.md).
- Boundary markers: None identified in the provided documentation to isolate user input from command construction.
- Capability inventory: Bash(aws:*) provides extensive write/execute access to the AWS environment.
- Sanitization: No evidence of input validation or command escaping is provided in the skill manifest.
- [Command Execution] (HIGH): The allowed-tools section explicitly permits Bash(aws:*). Providing an AI agent with the ability to execute shell commands targeting cloud infrastructure is a high-risk configuration, as any reasoning failure or prompt injection can result in immediate, non-trivial impact on the user's AWS account.
Recommendations
- AI detected serious security threats