Skills
skills/lgbarn/devops-skills/aws-profile-management/Gen Agent Trust Hub

aws-profile-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill provides instructions for executing standard AWS CLI and Terraform commands (e.g., aws sts get-caller-identity, aws sso login, terraform workspace show). These commands are essential for the skill's primary purpose of infrastructure environment management.
  • [DATA_EXPOSURE] (SAFE): While the skill interacts with AWS credentials, it does so through local environment variables and official CLI tools. It does not contain hardcoded secrets or patterns for exfiltrating credentials to external domains.
  • [DYNAMIC_EXECUTION] (SAFE): Uses eval to export temporary credentials from the output of aws sts assume-role. This is a common and accepted pattern for this specific administrative task. The dynamic command is constructed using a fixed awk template processing trusted output from the AWS CLI.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from local configuration files.
  • Ingestion points: Reads *.tf files using grep to detect backend configurations.
  • Boundary markers: None present.
  • Capability inventory: Subprocess execution of aws and terraform commands, and eval for environment variable exports.
  • Sanitization: No specific sanitization of the .tf file content is performed; however, the grep search is narrow and specifically looks for infrastructure metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:44 PM