Skills
skills/necatiarslan/awsclaw/awsclaw-sqs/Gen Agent Trust Hub

awsclaw-sqs

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables high-privilege administrative actions on AWS SQS resources, including destructive operations like DeleteQueue and PurgeQueue which can result in total data loss for a queue.
  • [DATA_EXFILTRATION]: The AddPermission command allows granting queue access to arbitrary AWS Account IDs. This capability can be abused to establish cross-account access, facilitating unauthorized data exposure or exfiltration. Additionally, the SendMessage tool can be used to exfiltrate sensitive information by sending it to an attacker-controlled SQS queue.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks.
  • Ingestion points: Untrusted data enters the agent's context through message bodies retrieved via the ReceiveMessage command in SKILL.md.
  • Boundary markers: There are no instructions or delimiters defined to separate SQS message content from system instructions or to warn the agent against following instructions embedded in messages.
  • Capability inventory: The agent has access to sensitive tools in SKILL.md including AddPermission, DeleteQueue, PurgeQueue, and SetQueueAttributes which could be targeted by an injection attack.
  • Sanitization: The skill lacks any mechanism for sanitizing or validating message content before the agent processes it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 08:11 PM