aws-cost-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous AWS CLI command templates (e.g., `aws ce`, `aws ec2`, `aws cloudwatch`) for retrieving infrastructure and billing data. These commands are legitimate and consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process data from external AWS environments.
  - Ingestion points: Data retrieved via AWS CLI commands, such as resource tags, instance names, and billing records in `SKILL.md`.
  - Boundary markers: No specific delimiters or safety instructions are provided to separate the retrieved AWS data from the agent's internal instructions.
  - Capability inventory: The skill utilizes the AWS CLI for resource enumeration and recommends workflows for resource deletion (e.g., terminating instances, deleting volumes).
  - Sanitization: There is no evidence of sanitization or validation of the data returned from the AWS APIs before it is processed by the agent.
- [PROMPT_INJECTION]: The skill metadata contains a self-authoritative safety claim (`risk: safe`), which is a known pattern for attempting to influence security analysis tools.
Audit Metadata