aws-architecture-design

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): Vulnerability to indirect prompt injection. The skill is designed to ingest and analyze external, untrusted data sources such as IaC repositories, monitoring data, and cost reports.
      • Ingestion points: Step 1 (Context Gathering) involves reviewing 'IaC repositories', 'diagrams', and 'cost reports'.
      • Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions embedded within the analyzed files.
      • Capability inventory: The skill utilizes Python for numeric calculations and has the capability to generate comprehensive Markdown reports. While it does not directly modify infrastructure, an attacker could attempt to bias the design recommendations or exfiltrate reasoning via the report.
      • Sanitization: Absent. There is no instruction to validate or sanitize the content of the external files before processing.
  • [COMMAND_EXECUTION] (INFO): The skill mandates the use of Python for all numeric operations ('Python Calculations: Use Python for ALL numeric operations'). While this is a best practice for accuracy in cost estimation, it involves generating and executing code based on data retrieved from external infrastructure reports.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill actively promotes security best practices, explicitly instructing the agent to use IAM roles over static keys and to use Secrets Manager/Parameter Store instead of hardcoding credentials.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 12:43 PM