detecting-cryptomining-in-cloud

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes AWS CLI commands to interact with cloud infrastructure. The implementation is secure in this respect, as it passes list-based arguments to subprocess.run rather than shell strings, preventing typical command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests external telemetry data.
      - Ingestion points: The agent fetches GuardDuty findings and CloudTrail events in scripts/agent.py.
      - Boundary markers: No delimiters are used to separate ingested data from agent instructions.
      - Capability inventory: The skill has permissions to create security groups and modify instance attributes.
      - Sanitization: The output is parsed as JSON, but the content of the findings (e.g., resource names or finding descriptions) is not sanitized for potentially embedded instructions.
  • [DATA_EXFILTRATION]: The skill accesses sensitive cloud metadata, including billing alerts and network logs. This access is strictly aligned with the skill's primary purpose of security monitoring and incident response.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:46 PM