aws-transform

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes shell scripts (e.g., run.sh) and PowerShell commands for transformation tasks. It uses nohup to background long-running processes on the user's machine.
  • [PRIVILEGE_ESCALATION]: The instructions direct the agent to use sudo for installing language runtimes (Java, Python, Node.js) and to execute aws iam attach-user-policy or attach-role-policy to grant broad permissions (e.g., AWSTransformCustomFullAccess) to the current identity.
  • [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from transform-cli.awsstatic.com and clones infrastructure templates from the aws-samples organization on GitHub. While these are official AWS-related sources, they involve executing remote content.
  • [REMOTE_CODE_EXECUTION]: The skill implements a curl | bash pattern to install its CLI tool from https://transform-cli.awsstatic.com/install.sh.
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions to perform 'internal bookkeeping' and polling operations silently, explicitly directing the agent to conceal these actions from the user (e.g., 'The user must never see it happen', 'Do not announce the check').
  • [DATA_EXFILTRATION]: The skill identifies and uploads local source code and database schemas to AWS-managed S3 buckets and agents. While it includes 'human-in-the-loop' checkpoints for consent, it centralizes sensitive intellectual property into remote environments.
Recommendations
  • HIGH: Downloads and executes remote code from: https://transform-cli.awsstatic.com/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 20, 2026, 12:02 PM
Security Audit — agent-trust-hub — aws-transform