pentesting-with-aws-security-agent

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Command Execution: The skill uses the AWS CLI to interact with security agent services, including domain registration and test execution.
  • Evidence: Commands such as aws securityagent create-pentest and aws securityagent verify-target-domain are used to manage the testing lifecycle. These utilize vendor-provided tools for their designated security purposes.
  • Indirect Prompt Injection: The skill retrieves and processes data from live web applications in the form of vulnerability findings.
  • Ingestion points: Data is retrieved via aws securityagent list-findings and batch-get-findings in SKILL.md.
  • Boundary markers: The instructions do not specify explicit delimiters or "ignore" markers for the ingested findings data.
  • Capability inventory: The skill has the capability to execute shell commands (aws CLI) and perform file-write operations to the .security-agent/ directory.
  • Sanitization: No specific sanitization or filtering of the findings content is described prior to report generation.
  • Context: This data processing is the primary intended function of the skill. The requirement for manual user authorization before starting a scan acts as a significant security checkpoint.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:17 AM
Security Audit — agent-trust-hub — pentesting-with-aws-security-agent