s3-lifecycle-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes external data in the form of S3 lifecycle configurations while having access to write and execute tools, creating a high-risk attack surface. (1) Ingestion points: S3 bucket metadata, lifecycle policy files, and user-provided configuration strings. (2) Boundary markers: The skill definition lacks any delimiters or instructions to ignore instructions embedded within the processed data. (3) Capability inventory: The skill is granted Bash(aws:*), Read, Write, and Edit permissions. (4) Sanitization: No sanitization, validation, or escaping logic is described to protect against malicious input being interpreted as commands.
- [Command Execution] (HIGH): The request for Bash(aws:*) access provides the agent with the ability to execute arbitrary AWS CLI commands. Without strict scoping or human-in-the-loop verification, this capability could be exploited to perform unauthorized resource modification or data exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata