cloud-security-prowler
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Command Execution (HIGH): The skill instructs the agent to execute shell commands (prowler aws/azure/gcp) with various flags. This requires the agent to have shell access and the ability to execute external binaries, which is a high-risk capability.
- External Downloads (MEDIUM): The skill recommends installing the prowler package using pip or brew as a prerequisite. This introduces a dependency on external package registries and third-party code that is not part of the trusted source list.
- Indirect Prompt Injection (HIGH): The agent is instructed to parse JSON output from the tool and generate a summary with remediation steps. An attacker with control over cloud resource names or metadata (e.g., tags, descriptions) could inject malicious instructions into the scan results.
  - Ingestion points: JSON results in the ./prowler-results directory (SKILL.md, Instruction 3).
  - Boundary markers: Absent. The skill does not define delimiters to separate the untrusted scan data from the agent's system instructions.
  - Capability inventory: Subprocess command execution for running the Prowler tool.
  - Sanitization: Absent. There is no logic provided to sanitize or validate the content of the JSON output before the agent processes it for remediation advice.
Recommendations
- AI detected serious security threats