aws-secrets-manager

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Command Execution: The utility script asm-exec uses subprocess.run to execute commands provided by the agent. This is the core functionality of the skill, serving as a wrapper to inject resolved secret values into the execution environment of a child process.\n- Local System Interaction: The script interacts with the local aws CLI to manage credentials. Specifically, it may call aws configure export-credentials or aws configure get to retrieve necessary keys for SigV4 signing of requests.\n- Network Communication: The skill connects to local and remote AWS endpoints, including localhost:2773 (AWS Secrets Manager Agent) and https://aws-mcp.us-east-1.api.aws/mcp. These interactions are used to retrieve secret values and are directed to well-known infrastructure associated with the vendor.\n- Indirect Prompt Injection Surface: The skill processes user-supplied command arguments containing {{resolve:...}} patterns. To mitigate risks, the implementation utilizes a single-pass substitution method (re.sub with a callable), which prevents the scanner from re-evaluating the resolved secret value for further instructions (recursive injection).\n- Data Handling: Access to AWS Secrets Manager is the primary purpose of this skill. By design, it ensures that plaintext secret values exist only within the memory of the asm-exec process or the target application, rather than the agent's observable context or logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:44 PM
Security Audit — agent-trust-hub — aws-secrets-manager