aws-cost-operations
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill's instructions are task-oriented and do not contain any patterns designed to bypass AI safety constraints or override core instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill is designed to handle sensitive AWS account data, including billing, resource logs, and audit trails. This is the intended primary purpose of the tool. There are no network calls to external, non-whitelisted domains or attempts to exfiltrate credentials.
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection as it processes data from external sources that could be influenced by an attacker. Findings:
  1. Ingestion points: The skill ingests untrusted data from Amazon CloudWatch logs and AWS CloudTrail events via MCP servers.
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within log data are present.
  3. Capability inventory: The skill can query metrics, read logs, and create/manage CloudWatch alarms.
  4. Sanitization: No sanitization or filtering of log/event content is specified before the data is processed by the agent.
- [Persistence Mechanisms] (SAFE): No attempts to modify system configuration, shell profiles, or scheduled tasks were identified.
- [Dynamic Execution] (SAFE): The skill does not use any dynamic code evaluation (eval, exec) or runtime compilation techniques.
Audit Metadata