cloud-containers
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes numerous examples for using cloud service CLIs (aws, az, gcloud) and orchestration tools (kubectl, docker) to enumerate resources, test permissions, and access data on target environments.
- [EXTERNAL_DOWNLOADS]: The reference guide provides instructions for cloning and installing security tools from official GitHub repositories and package registries.
  - Fetches prowler from the prowler-cloud GitHub organization.
  - Fetches pacu from the RhinoSecurityLabs GitHub repository.
  - Recommends installation of ScoutSuite, roadrecon, and kube-hunter via the standard Python package manager.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through the ingestion of untrusted external data during its normal workflow.
  - Ingestion points: Commands such as aws s3 cp, gsutil cp, and az storage blob download are used to retrieve potentially attacker-controlled files from cloud storage providers (file: reference/cloud-security.md).
  - Boundary markers: No explicit instructions or markers are present to help the agent distinguish between its core instructions and the content of retrieved data.
  - Capability inventory: The skill provides the agent with powerful cloud management capabilities and shell access, which could be abused if the agent inadvertently follows instructions embedded in downloaded content.
  - Sanitization: There is no mention of sanitization or validation logic for data retrieved from remote sources before it is processed by the agent.
Audit Metadata