aws-solution-architect
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill workflow executes multiple Python scripts (architecture_designer.py, serverless_stack.py, cost_optimizer.py) and references several documentation files in the references/ directory that are missing from the analyzed package. This prevents a full security audit of the actual code being executed.
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run high-privilege AWS CLI commands, specifically `aws cloudformation create-stack` with the `--capabilities CAPABILITY_IAM` flag. This allows the skill to create or modify IAM roles, which can lead to privilege escalation if the generated templates are malicious or overly permissive.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user data from requirements.json to generate infrastructure designs, creating a potential surface for instruction injection.
  1. Ingestion points: requirements.json, read by the architecture_designer.py tool.
  2. Boundary markers: Absent; no delimiters or instructions to disregard embedded commands in the input data are present.
  3. Capability inventory: Execution of Python scripts, AWS CLI, CDK, and Terraform.
  4. Sanitization: No validation or escaping of the input JSON fields is documented.
Audit Metadata