env-discovery

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary script, scripts/discover-account.sh, is restricted to read-only AWS CLI calls (e.g., resourcegroupstaggingapi and cloudwatch describe-alarms) and local file writes for report generation within the workspace.
  • [PROMPT_INJECTION]: The skill ingests external data from AWS (tags and alarm names) which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the agent context through the outputs of aws resourcegroupstaggingapi and aws cloudwatch describe-alarms processed in scripts/discover-account.sh.
  • Boundary markers: The skill uses markdown tables and JSON structures to separate metadata from instructions, as seen in assets/report-template.md and the script's output.
  • Capability inventory: The agent is limited to read-only discovery commands (describe, list, get) as defined in the Automation Boundary of SKILL.md.
  • Sanitization: Data is filtered and aggregated using jq before being rendered into markdown reports, ensuring structured presentation and preventing raw terminal escape sequences.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:19 PM
Security Audit — agent-trust-hub — env-discovery