cloud-security-prowler
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to run Prowler via the shell. If the agent accepts unvalidated user input for service names, regions, or checks, it could lead to command injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The prerequisites suggest installing 'prowler' at runtime via pip or brew. While these are standard tools, runtime installation of third-party packages introduces supply chain risks if the environment is not pinned or if the package is compromised.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). It processes data from external cloud environments (via Prowler JSON output). An attacker with control over cloud resource metadata (e.g., S3 bucket names or IAM tags) could embed malicious instructions that the agent may follow during the parsing and summarization phase.
  - Ingestion point: ./prowler-results directory (JSON files).
  - Boundary markers: Absent.
  - Capability inventory: Shell command execution and file system access.
  - Sanitization: None identified in the provided instructions.
Recommendations
- AI detected serious security threats