The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The plugin configuration (marketplace.json) defines several MCP servers installed via uvx using the @latest version tag. Although 'awslabs' is the official AWS lab repository, it is not explicitly present in the provided trusted source whitelist, and unpinned versions introduce a supply chain risk. Severity is reduced due to the primary purpose of the skill.
[DATA_EXFILTRATION] (MEDIUM): The 'aws-cost-operations' skill is configured to interact with highly sensitive AWS audit and monitoring services, including AWS CloudTrail and Amazon CloudWatch. Accessing audit logs and operational metrics represents a significant data exposure risk. Severity is reduced because auditing and monitoring are the primary purposes of this specific plugin.
[COMMAND_EXECUTION] (MEDIUM): The skill includes a shell script (validate-stack.sh) and instructions to run various shell commands (cdk synth, npm install). These scripts perform resource discovery and execute external infrastructure-as-code tools. Severity is reduced as this is standard for CDK development workflows.
[REMOTE_CODE_EXECUTION] (MEDIUM): Through the use of uvx, the skill enables the dynamic download and execution of remote Python packages from the internet at runtime. Severity is reduced due to primary purpose.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a significant attack surface for indirect prompt injection as it processes data from local project files and synthesized CloudFormation templates.
Ingestion points: Reads package.json, requirements.txt, pom.xml, go.mod, and synthesized *.template.json files.
Boundary markers: Delimiters or 'ignore embedded instruction' warnings are absent in the skill's logic.
Capability inventory: Uses cdk synth, jq, wc, and find via subprocesses.
Sanitization: No explicit sanitization or validation of the ingested file content before use in tool logic.

aws-skills