env-discovery
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary script,
scripts/discover-account.sh, is restricted to read-only AWS CLI calls (e.g.,resourcegroupstaggingapiandcloudwatch describe-alarms) and local file writes for report generation within the workspace. - [PROMPT_INJECTION]: The skill ingests external data from AWS (tags and alarm names) which constitutes an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the agent context through the outputs of
aws resourcegroupstaggingapiandaws cloudwatch describe-alarmsprocessed inscripts/discover-account.sh. - Boundary markers: The skill uses markdown tables and JSON structures to separate metadata from instructions, as seen in
assets/report-template.mdand the script's output. - Capability inventory: The agent is limited to read-only discovery commands (
describe,list,get) as defined in theAutomation BoundaryofSKILL.md. - Sanitization: Data is filtered and aggregated using
jqbefore being rendered into markdown reports, ensuring structured presentation and preventing raw terminal escape sequences.
Audit Metadata