aws-wtf
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes various AWS CLI commands (e.g., aws ce, aws ec2, aws rds, aws lambda) to retrieve billing data and resource metadata. These operations are necessary for the skill's primary function of explaining AWS charges and are consistent with its stated purpose.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from AWS resource tags and names.
  1. Ingestion points: AWS API responses containing resource tags and names are processed into the CSV and summary.
  2. Boundary markers: Absent; the instructions do not use delimiters or provide warnings to ignore commands within the retrieved metadata.
  3. Capability inventory: The agent can write local CSV files and generate summary reports.
  4. Sanitization: Absent; the skill does not specify any sanitization or validation of the strings retrieved from AWS before they are processed.