The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill instructs the user to mount their entire local ~/.aws directory, including configuration and SSO cache, into a Docker container (-v ~/.aws:/root/.aws:ro). While mounted as read-only, this grants any code running inside the container full access to the user's AWS credentials and identity tokens.
[COMMAND_EXECUTION]: The scripts/download_invoices.py script uses subprocess.run to execute various AWS CLI commands. It dynamically constructs these commands using values retrieved from environment variables (AWS_PROFILE) and the AWS API (account IDs, invoice IDs). While it uses list-based arguments to mitigate shell injection, it represents an automated execution of system commands.
[EXTERNAL_DOWNLOADS]: The script uses urllib.request.urlretrieve to download PDF files from URLs provided by the AWS Invoicing API. This involves fetching content from remote endpoints based on dynamic data.
[DATA_EXPOSURE]: The skill processes account names and billing data from the AWS Organization. If an account name is maliciously crafted by an administrator within the organization, it could potentially influence file paths or logging behavior, although the script performs basic character replacement (s.replace(" ", "_").replace("/", "_")) to sanitize filenames.

aws-invoice-download