email-service-aws-ses
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Potential path traversal vulnerability identified in the template loading logic within
AwsSesEmailService.cs. - Evidence: The
templateNameparameter is directly concatenated into a file path usingPath.Combine(_templatesPath, $"{templateName}.html")without validation. If this parameter is influenced by untrusted input, it could allow access to unintended files on the host system ending in.html. - Context: The skill reads these files and sends their content via the AWS SES network capability, which constitutes a potential exfiltration path for local files.
- [PROMPT_INJECTION]: Indirect injection surface discovered in the template placeholder replacement logic.
- Ingestion points: The
placeholdersdictionary in theSendTemplatedEmailAsyncmethod accepts arbitrary string values that enter the agent's context from potential external sources. - Boundary markers: No boundary markers or "ignore instructions" warnings are present in the template processing logic.
- Capability inventory: The skill possesses network capabilities through the
AmazonSimpleEmailServiceV2Client.SendEmailAsyncmethod. - Sanitization: The implementation performs a direct
string.Replacefor placeholders without HTML encoding or sanitizing the input values. - Impact: This lack of sanitization allows for HTML injection, enabling an attacker to manipulate the content of sent emails or inject malicious links if they can influence the data passed into the placeholder dictionary.
Audit Metadata