aws-infra
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to access ~/.aws/config to resolve regional and profile settings. This file is a sensitive system location containing AWS configuration data.
- [COMMAND_EXECUTION]: The skill relies on the execution of local aws CLI commands, including identity checks (sts get-caller-identity) and resource management. This provides a direct interface for executing potentially impactful system commands.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes data from AWS service responses.
  - Ingestion points: Results from AWS CLI commands like describe or list, which can contain user-provided metadata from the AWS environment.
  - Boundary markers: None present; the instructions do not define delimiters for separating command output from instructions.
  - Capability inventory: Execution of local aws CLI commands and read access to ~/.aws/config.
  - Sanitization: None present; the skill does not specify procedures for validating or escaping external data before processing.
Audit Metadata