ecs-express
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes
awsanddockercommands to build, push, and deploy container images. These operations are core to the skill's stated purpose and are performed with user confirmation. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it extracts values like service names and environment variables directly from the user's local codebase for use in shell commands. Ingestion points: User's local directory name and application source code. Boundary markers: Absent. Capability inventory:
docker build,docker push, andaws ecsmanagement commands. Sanitization: No explicit sanitization of extracted codebase strings before shell interpolation is defined.
Audit Metadata