aws-sns
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests data from an external source (AWS SNS) and provides it to the agent without boundary markers. * Ingestion points:
SKILL.md(via outputs fromaws sns list-topicsandaws sns get-topic-attributes). * Boundary markers: Absent. * Capability inventory: Executes AWS CLI and jq commands. * Sanitization: None. - [COMMAND_EXECUTION]: The skill executes shell commands using the
awsCLI andjq. These commands utilize environment variables such as$SNS_TOPIC_ARNwhich could be a vector for command injection if populated with unsanitized external input.
Audit Metadata