aws-transform
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates and executes shell scripts (e.g.,
run.sh) and PowerShell commands for transformation tasks. It usesnohupto background long-running processes on the user's machine. - [PRIVILEGE_ESCALATION]: The instructions direct the agent to use
sudofor installing language runtimes (Java, Python, Node.js) and to executeaws iam attach-user-policyorattach-role-policyto grant broad permissions (e.g.,AWSTransformCustomFullAccess) to the current identity. - [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from
transform-cli.awsstatic.comand clones infrastructure templates from theaws-samplesorganization on GitHub. While these are official AWS-related sources, they involve executing remote content. - [REMOTE_CODE_EXECUTION]: The skill implements a
curl | bashpattern to install its CLI tool fromhttps://transform-cli.awsstatic.com/install.sh. - [PROMPT_INJECTION]: The
SKILL.mdfile contains instructions to perform 'internal bookkeeping' and polling operations silently, explicitly directing the agent to conceal these actions from the user (e.g., 'The user must never see it happen', 'Do not announce the check'). - [DATA_EXFILTRATION]: The skill identifies and uploads local source code and database schemas to AWS-managed S3 buckets and agents. While it includes 'human-in-the-loop' checkpoints for consent, it centralizes sensitive intellectual property into remote environments.
Recommendations
- HIGH: Downloads and executes remote code from: https://transform-cli.awsstatic.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata