aws-cloudformation

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • Proactive Indirect Prompt Injection Protection: The skill explicitly recognizes that user-provided CloudFormation templates (including comments and metadata) are untrusted data. It instructs the agent not to treat any text within a template as instructions or approval, which is a robust safety measure against potential injection attacks.
  • User-Consented Tool Installation: For necessary validation tools like cfn-lint and cfn-guard, the skill first checks for their presence and only offers to install them if the user gives explicit approval. This prevents the silent modification of the execution environment.
  • Authenticated AWS API Operations: The skill leverages the official AWS CLI or the call_aws utility to interact with AWS services. It includes prerequisite checks to verify that the user has valid credentials and the necessary IAM permissions before attempting any deployment or diagnostic tasks.
  • Authoritative Data Retrieval: The resource property lookup procedure fetches documentation directly from official AWS documentation domains (docs.aws.amazon.com). This ensures the agent relies on accurate, vendor-provided schemas rather than potentially outdated or malicious third-party information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 07:27 PM