aws-cloudwatch
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the
awsCLI andjqto interact with AWS CloudWatch and Logs. These include listing alarms, fetching metrics, and filtering log events. This is consistent with the skill's stated purpose. - [CREDENTIALS_UNSAFE]: The skill requires
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYto be present in the environment. While these are sensitive credentials, their use is standard for the intended functionality and no hardcoded secrets were detected. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data as arguments for shell commands.
- Ingestion points: User-provided inputs are used for parameters like
--dimensions,--log-group-name, and--filter-pattern(e.g., inSKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
- Capability inventory: The skill possesses the capability to execute arbitrary subprocesses via the shell (
awsCLI). - Sanitization: There is no evidence of sanitization or validation of inputs before they are passed to the shell, which could allow for command or argument injection if an attacker provides malicious log group names or patterns.
Audit Metadata