cloudformation-to-pulumi
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs binary plugins 'cdk-importer' and 'cdk2pulumi' via the Pulumi CLI. These dependencies originate from an external registry not included in the pre-approved trusted source list.
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands using 'aws' and 'pulumi' CLIs to manipulate cloud infrastructure and run downloaded binary tools.
- PROMPT_INJECTION (LOW): The 'PLAN ADJUSTMENT REQUIRED' section in SKILL.md uses instruction-override language ('MUST', 'disregard') to force the agent to prioritize the skill's workflow over any existing plan.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted CloudFormation templates which can contain malicious strings targeting the LLM. 1. Ingestion points: 'template.json' via AWS CLI. 2. Boundary markers: Absent. 3. Capability inventory: CLI access, plugin execution, and resource code generation. 4. Sanitization: Absent.
Audit Metadata