sdk-getting-started
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to perform preflight environment checks. It uses
python -cto verify thesagemakerpackage version, retrieve the current AWS region viaboto3, and resolve the IAM execution role usingsagemaker.core.helper.session_helper. It also invokes the AWS CLI (aws iam get-role) to inspect IAM role configuration. - [EXTERNAL_DOWNLOADS]: The skill ensures the necessary environment is present by installing or upgrading official AWS libraries (
sagemakerandboto3) from the standard Python package registry. These resources are provided by the vendor for SageMaker integration. - [PROMPT_INJECTION]: The skill processes external data in the form of IAM policy documents retrieved from the user's AWS account. This constitutes an indirect prompt injection surface where the agent parses the
AssumeRolePolicyDocumentto check for required service principals (sagemaker.amazonaws.com,bedrock.amazonaws.com). - Ingestion points: Output from
aws iam get-roleinreferences/execution-role-setup.md. - Boundary markers: None implemented for the command output analysis.
- Capability inventory: Subprocess execution via
pip,python, andawsCLI. - Sanitization: The skill performs structural checks on the retrieved JSON but does not explicitly sanitize the content before processing.
Audit Metadata