aws-cli

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute a wide range of aws CLI commands to manage EC2, Lambda, ECS, S3, IAM, and RDS resources. It also utilizes local shell utilities such as cat, tail, head, and date for data processing and timestamp generation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data.
      • Ingestion points: Data is pulled into the agent's context from CloudWatch logs via aws logs tail and from the results of Lambda function calls via cat /tmp/lambda-output.json.
      • Boundary markers: There are no markers or delimiters used to encapsulate the output of these commands, increasing the risk that instructions embedded in logs or payloads could be misinterpreted as system commands.
      • Capability inventory: The skill has significant capabilities, including the ability to start and stop EC2 instances and invoke Lambda functions, which could be abused if an injection is successful.
      • Sanitization: No sanitization or validation logic is present to filter malicious instructions from the retrieved AWS service data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:13 AM