awsclaw-emr

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM; DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides the GetClusterSessionCredentials command, which allows the agent to retrieve sensitive session credentials (e.g., UsernamePassword) for an EMR cluster. Additionally, the GetOnClusterAppUIPresignedURL and GetPersistentAppUIPresignedURL commands generate presigned URLs for application interfaces, which grant access to internal cluster components.
  • [REMOTE_CODE_EXECUTION]: The AddJobFlowSteps command enables the execution of arbitrary scripts and JAR files (e.g., Spark or Hadoop jobs) on EMR clusters. This can be used to execute remote code on the infrastructure if the input (such as script paths or arguments) is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the AWS environment.
      * Ingestion points: Cluster details via DescribeCluster, step lists via ListSteps, and notebook executions via ListNotebookExecutions.
      * Boundary markers: None identified; the skill does not instruct the agent to ignore or delimit instructions found in the retrieved AWS metadata.
      * Capability inventory: The skill has significant capabilities, including cluster termination (TerminateJobFlows), job execution (AddJobFlowSteps), and credential retrieval (GetClusterSessionCredentials).
      * Sanitization: No evidence of input validation or output sanitization for the data retrieved from AWS.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 08:11 PM