awsclaw-ec2
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides tools for full lifecycle management of AWS EC2 infrastructure, including the ability to perform destructive operations such as terminating instances (TerminateInstances) and deleting virtual private clouds (DeleteVpc).
- [CREDENTIALS_UNSAFE]: The tool includes functionality to retrieve sensitive authentication data, such as encrypted Windows instance passwords via GetPasswordData, and the ability to generate new SSH credentials using CreateKeyPair.
- [COMMAND_EXECUTION]: The RunInstances command supports a UserData parameter, which allows for the execution of arbitrary startup scripts on newly provisioned cloud instances.
- [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists as the skill processes data from the external AWS environment (such as resource tags, instance descriptions, and console logs). This ingested data could theoretically contain malicious instructions that an agent might follow while performing management tasks.
  - Ingestion points: Data retrieved from the AWS environment via Describe* queries and GetConsoleOutput.
  - Boundary markers: None identified in the provided tool definitions to separate untrusted resource metadata from system instructions.
  - Capability inventory: Extensive administrative capabilities including resource deletion, network modification, and credential management.
  - Sanitization: No explicit sanitization or validation of AWS resource content is described before the agent processes the output.
Audit Metadata