skills/mukul975/anthropic-cybersecurity-skills/performing-aws-account-enumeration-with-scout-suite/Gen Agent Trust Hub
performing-aws-account-enumeration-with-scout-suite
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts `scripts/agent.py` and `scripts/process.py` wrap the ScoutSuite CLI using `subprocess.run`. Commands are passed as lists of arguments, which is a secure method that prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of `scoutsuite` and `boto3`, which are widely used and legitimate tools for cloud security posture management and AWS interaction.
- [PROMPT_INJECTION]: The skill ingests data from AWS API outputs via ScoutSuite results. While this creates a potential surface for indirect prompt injection (where malicious data in the AWS account could influence an agent), this is an inherent and expected characteristic of a security scanning tool. Evidence chain for surface analysis:
  1. Ingestion points: ScoutSuite results files in `scripts/agent.py` and `scripts/process.py`.
  2. Boundary markers: Absent.
  3. Capability inventory: CLI execution via `subprocess.run`.
  4. Sanitization: Absent.
- [CREDENTIALS_UNSAFE]: The documentation provides standard instructions for configuring AWS credentials via environment variables or the AWS CLI. No hardcoded or unsafe credential management practices were observed.
Audit Metadata