aws-finops
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes legitimate AWS CLI commands (e.g.,
aws resource-explorer-2,aws resourcegroupstaggingapi) to discover resources across regions. This behavior is the primary intended function for an infrastructure auditing tool.\n- [PROMPT_INJECTION] (LOW): The skill is subject to indirect prompt injection via AWS resource tags and names.\n - Ingestion points: Untrusted data is ingested from the AWS environment through resource tags and name fields (e.g.,
resource_name,tagsin the CSV output).\n - Boundary markers: Absent. The skill does not implement specific delimiters or instructions to ignore embedded commands within metadata.\n
- Capability inventory: The skill has read-only access to AWS metadata and the ability to write local CSV reports. It does not possess network egress or infrastructure modification capabilities.\n
- Sanitization: Absent. Tag values are processed and reported in their raw format.\n- [DATA_EXFILTRATION] (SAFE): While the skill gathers extensive metadata about an AWS account, it only outputs this information to a local CSV file and a markdown summary. No network requests to external domains for data transmission were identified.
Audit Metadata