pentesting-with-aws-security-agent
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Command Execution: The skill uses the AWS CLI to interact with security agent services, including domain registration and test execution.
- Evidence: Commands such as
aws securityagent create-pentestandaws securityagent verify-target-domainare used to manage the testing lifecycle. These utilize vendor-provided tools for their designated security purposes. - Indirect Prompt Injection: The skill retrieves and processes data from live web applications in the form of vulnerability findings.
- Ingestion points: Data is retrieved via
aws securityagent list-findingsandbatch-get-findingsinSKILL.md. - Boundary markers: The instructions do not specify explicit delimiters or "ignore" markers for the ingested findings data.
- Capability inventory: The skill has the capability to execute shell commands (
awsCLI) and perform file-write operations to the.security-agent/directory. - Sanitization: No specific sanitization or filtering of the findings content is described prior to report generation.
- Context: This data processing is the primary intended function of the skill. The requirement for manual user authorization before starting a scan acts as a significant security checkpoint.
Audit Metadata