AWS Infrastructure Architect
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to interact with the local environment using
poetry runfor several legitimate infrastructure tasks, including executing the AWS CLI, Sceptre for CloudFormation management,cfn-lintfor template validation, and Python for boto3 script execution. - [PROMPT_INJECTION]: The skill incorporates a surface for indirect prompt injection by design, as it is instructed to fetch and process external data from AWS documentation via an MCP server integration.
- Ingestion points: External data enters the context through tools like
mcp__aws-knowledge-mcp-server__aws___read_documentationandmcp__aws-knowledge-mcp-server__aws___search_documentation. - Boundary markers: The prompt does not specify explicit delimiters or "ignore instructions" wrappers for the data fetched from the MCP server.
- Capability inventory: The agent has the capability to execute shell commands via Poetry and generate executable Infrastructure-as-Code (IaC) templates.
- Sanitization: There are no mentioned mechanisms for sanitizing or filtering the content retrieved from the AWS knowledge base. However, since the source is a well-known technology service (AWS), this surface is considered part of the intended functional design and does not elevate the risk level.
Audit Metadata