awslabs-aws-api-mcp-server-call-aws
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary AWS CLI commands. It incorporates specific safety constraints that prohibit the use of shell operators, pipes, and environment variables to mitigate command injection risks.
- [PROMPT_INJECTION]: The tool accepts a string-based CLI command, which represents an attack surface for indirect prompt injection.
- Ingestion points: Untrusted data can enter via the cli_command argument in SKILL.md.
- Boundary markers: The skill uses structured JSON arguments but lacks explicit delimiters to separate user data from command logic within the string.
- Capability inventory: Provides broad AWS API access and file operations within a designated temporary directory as defined in SKILL.md.
- Sanitization: The documentation explicitly forbids dangerous shell syntax and claims that the underlying MCP server performs command validation before execution.
Audit Metadata