aws-cloud-ops
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/main.cjs` file uses `child_process.spawn` to run the AWS CLI tool with arguments provided by the agent. Although it implements `shell: false` to prevent shell injection, the skill acts as a general-purpose wrapper for the `aws` binary.
- [EXTERNAL_DOWNLOADS]: The `SKILL.md` file directs users to download the AWS CLI v2 from official Amazon Web Services domains such as `aws.amazon.com` and `awscli.amazonaws.com`. These are established, trusted sources for cloud tooling.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes data from external cloud resources while maintaining the capability to execute commands. Evidence:
  1. Ingestion points: AWS CLI command outputs entering the agent context via `scripts/main.cjs`.
  2. Boundary markers: No explicit separators or 'ignore instructions' markers are defined in the wrapper scripts or documentation.
  3. Capability inventory: Execution of arbitrary `aws` subcommands using `child_process.spawn` in `scripts/main.cjs`.
  4. Sanitization: No specific input/output sanitization or validation logic is implemented in the provided Node.js scripts.

  Additionally, the `SKILL.md` file contains a claim that 'IAM write operations are blocked', which is a deceptive metadata instruction as it is not enforced by the underlying `scripts/main.cjs` implementation.
Audit Metadata