amazon-web-services
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for AWS Lambda and SQS handlers that process untrusted input (event and record bodies) and perform downstream operations with high-privilege services like S3 and DynamoDB. This creates an indirect prompt injection surface.
  - Ingestion points: references/lambda-functions.md (event.body) and references/messaging-sqs-sns.md (record.body).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided snippets.
  - Capability inventory: The skill enables broad capabilities including full S3 CRUD, DynamoDB read/write, and SNS/SQS messaging.
  - Sanitization: Code examples demonstrate direct JSON parsing but lack input validation, escaping, or schema enforcement.
- [COMMAND_EXECUTION]: The skill provides documentation for the 'aws ecs execute-command' utility, which enables interactive shell access to running containers. It also includes health check patterns using 'CMD-SHELL' for containerized workloads.