step-functions-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requests 'Bash(aws:*)' permissions, allowing the agent to execute arbitrary AWS CLI commands. This provides a direct path for unauthorized resource modification, data deletion, or privilege escalation if the agent processes malicious user-supplied instructions.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core function of processing external workflow requirements. Ingestion points: User prompts and Step Function definitions. Boundary markers: None provided in the instructions to separate data from commands. Capability inventory: Full AWS CLI access ('aws:*'), file creation ('Write'), and file modification ('Edit'). Sanitization: Absent. There are no safeguards to prevent the agent from treating malicious strings within a workflow definition as valid commands.
- [NO_CODE] (INFO): The provided file contains only metadata and documentation. The security profile is determined by the high-risk capabilities requested in the frontmatter rather than implementation logic.
Recommendations
- AI detected serious security threats
Audit Metadata