aws-cost-operations
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requests execution permissions for several AWS CLI components including `aws ce`, `aws cloudwatch`, `aws logs`, `aws budgets`, and `aws cloudtrail` to facilitate billing and operational analysis.
- [EXTERNAL_DOWNLOADS]: The skill utilizes MCP tools to search and read official AWS documentation. This is documented as a requirement for providing up-to-date and accurate service information.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes a hook to automatically execute `aws sts get-caller-identity` for AWS Account ID discovery. This exposure of account metadata is necessary for the agent to provide context-aware assistance in an AWS environment.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through the processing of untrusted data from AWS CloudWatch logs and CloudTrail events.
  - Ingestion points: Data is ingested into the agent's context through `aws logs` and `aws cloudtrail` tool outputs.
  - Boundary markers: The instructions do not provide specific delimiters or boundary markers to distinguish between the data content and instructions.
  - Capability inventory: The skill has extensive capabilities to execute AWS CLI commands and access sensitive configuration and billing data.
  - Sanitization: No evidence of data sanitization or validation of the ingested log or audit data is observed in the provided files.