aws-agentic-ai
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the agent with extensive access to AWS CLI toolsets, including sensitive services such as
aws secretsmanagerandaws s3. These tools allow for the retrieval of credentials and manipulation of data stored in AWS accounts. - [EXTERNAL_DOWNLOADS]: The documentation references the installation of standard external packages required for development and validation, including the
bedrock-agentcorePython library and@apidevtools/swagger-cliNode.js package. - [INDIRECT_PROMPT_INJECTION]: The Browser service (documented in
services/browser/README.md) introduces a significant attack surface for tool output poisoning by enabling the extraction of raw content from external websites. - Ingestion points: Data enters the agent's context through web content extraction actions like
getTextandevaluatewithin the Browser service. - Boundary markers: The provided documentation and examples do not implement delimiters or specific instructions to prevent the agent from obeying instructions embedded in scraped web content.
- Capability inventory: The agent possesses high-impact capabilities, including the ability to manage AWS infrastructure and access secrets via the provided
Bashtools. - Sanitization: Although the documentation notes 'Sanitize extracted data' as a best practice, the skill does not provide or enforce automated sanitization logic.
Audit Metadata