aws-setup
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's deployment workflow explicitly registers and deploys pretrained models from a public model repository (e.g., domain-02-deploy-search shows registering "huggingface/sentence-transformers/all-MiniLM-L12-v2"), which is an open, third-party source of user-contributed models whose outputs are then invoked and used to build pipelines and agentic query planning—allowing external, untrusted content to influence tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill config registers an ML connector that calls the Bedrock runtime URL "https://bedrock-runtime.${parameters.region}.amazonaws.com/model/${parameters.model}/converse" at runtime to fetch model-generated messages that the agent uses for query planning and reasoning, so this external endpoint directly controls agent prompts and is a required dependency for agentic search.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).