aws-secrets-manager
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Command Execution: The utility script
asm-execusessubprocess.runto execute commands provided by the agent. This is the core functionality of the skill, serving as a wrapper to inject resolved secret values into the execution environment of a child process.\n- Local System Interaction: The script interacts with the localawsCLI to manage credentials. Specifically, it may callaws configure export-credentialsoraws configure getto retrieve necessary keys for SigV4 signing of requests.\n- Network Communication: The skill connects to local and remote AWS endpoints, includinglocalhost:2773(AWS Secrets Manager Agent) andhttps://aws-mcp.us-east-1.api.aws/mcp. These interactions are used to retrieve secret values and are directed to well-known infrastructure associated with the vendor.\n- Indirect Prompt Injection Surface: The skill processes user-supplied command arguments containing{{resolve:...}}patterns. To mitigate risks, the implementation utilizes a single-pass substitution method (re.subwith a callable), which prevents the scanner from re-evaluating the resolved secret value for further instructions (recursive injection).\n- Data Handling: Access to AWS Secrets Manager is the primary purpose of this skill. By design, it ensures that plaintext secret values exist only within the memory of theasm-execprocess or the target application, rather than the agent's observable context or logs.
Audit Metadata