implementing-cloud-waf-rules
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from web traffic logs and sampled requests to assist in WAF rule tuning, creating a surface for indirect prompt injection.
  - Ingestion points: The "scripts/agent.py" script (line 126) calls "get_sampled_requests" to fetch data from the WAFv2 API, and "SKILL.md" provides an Athena SQL query to analyze WAF logs.
  - Boundary markers: No delimiters or warnings are used to isolate untrusted traffic data from the agent's core instructions.
  - Capability inventory: The skill includes scripts and commands to create and update Web ACLs ("scripts/agent.py" lines 54 and 70, and various commands in "SKILL.md"), allowing the agent to modify infrastructure security based on analyzed data.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested log data before it is presented or used.
- [COMMAND_EXECUTION]: The skill facilitates the execution of administrative commands on cloud infrastructure to manage security policies.
  - Evidence: "scripts/agent.py" utilizes the "boto3" library (an official AWS SDK) to programmatically modify WAF configurations. "SKILL.md" provides multiple "aws wafv2" CLI command patterns for resource management.