aws-transform
Fail
Audited by Snyk on May 20, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt includes explicit, hidden/deceptive directives to perform checks and refreshes silently and to conceal internal actions from the user (e.g., "The user must never see it happen", "Do not announce the check", "Do NOT reveal your reasoning"), which are instructions to hide behavior outside the skill's stated migration purpose.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The URL points to a direct shell installer (install.sh) served from a domain that appears AWS-related but is not verifiably the official installer here; delivering and executing raw .sh installers (especially via curl|bash) is a high-risk pattern that can be used to distribute malware unless you can validate the source and script signature.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and inspects arbitrary public or private git repositories and S3 zips (see references/custom-single-transformation.md, references/custom-multi-transformation.md, and references/custom-remote-execution.md), which are untrusted/user-provided third‑party content that the agent must read and that can materially influence subsequent tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). Yes — the skill explicitly runs remote installers/remote repo code at runtime (e.g., curl -fsSL https://transform-cli.awsstatic.com/install.sh | bash and git clone https://github.com/aws-samples/aws-transform-custom-samples.git followed by ./setup.sh), which fetches and executes remote code that the skill relies on for CLI install and remote-infra setup.
Issues (4)
E004
CRITICALPrompt injection detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata