awsclaw-general

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides explicit instructions and tools for accessing sensitive AWS configuration files located at ~/.aws/credentials and ~/.aws/config. Specifically, the SessionTool.ListProfiles command reads these files to identify available profiles, exposing authentication secrets to the agent's context.
  • [DATA_EXFILTRATION]: The FileOperationsTool enables the agent to perform arbitrary file reads through commands like ReadFile, ReadFileAsBase64, and ReadFileStream. This capability can be used to extract sensitive local data if the agent is directed to communicate with an external endpoint.
  • [COMMAND_EXECUTION]: The skill facilitates system modifications via the FileOperationsTool (e.g., WriteFile, AppendFile, ZipTextFile) and enables mutating AWS API operations (e.g., create, delete, update, invoke). While the skill documentation claims these require user confirmation, the agent possesses the underlying capability to initiate these state-changing commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its interaction with untrusted data.
      • Ingestion points: Data is ingested through CloudWatchLogTool (logs), ReadFile (local files), and AWS resource description tools.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined.
      • Capability inventory: The agent can execute file system writes, AWS resource modifications, and session configuration changes.
      • Sanitization: The skill mentions no sanitization or validation logic for the content it processes, so embedded instructions in logs or files can potentially influence agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 08:11 PM