aws-cloud-services
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (CRITICAL): Automated scanning identified the domain 'keys.ma' within the skill content, which is flagged for phishing activities. This is highly dangerous in a skill designed to manage AWS credentials and IAM roles.
- DATA_EXFILTRATION (HIGH): The presence of a phishing domain suggests intent to exfiltrate AWS access keys, secret keys, and session tokens during credential setup or IAM management tasks.
- COMMAND_EXECUTION (LOW): The skill provides tools for managing EC2 instances and deploying Lambda functions, which involve privileged command execution in cloud environments.
- PROMPT_INJECTION (LOW): The skill interacts with untrusted data from S3 and DynamoDB (Ingestion Points), uses AWS SDK/Lambda (Capabilities), and lacks documentation of boundary markers or sanitization, creating an indirect injection surface.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata