sdk-getting-started

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to perform preflight environment checks. It uses python -c to verify the sagemaker package version, retrieve the current AWS region via boto3, and resolve the IAM execution role using sagemaker.core.helper.session_helper. It also invokes the AWS CLI (aws iam get-role) to inspect IAM role configuration.
  • [EXTERNAL_DOWNLOADS]: The skill ensures the necessary environment is present by installing or upgrading official AWS libraries (sagemaker and boto3) from the standard Python package registry. These resources are provided by the vendor for SageMaker integration.
  • [PROMPT_INJECTION]: The skill processes external data in the form of IAM policy documents retrieved from the user's AWS account. This constitutes an indirect prompt injection surface where the agent parses the AssumeRolePolicyDocument to check for required service principals (sagemaker.amazonaws.com, bedrock.amazonaws.com).
  • Ingestion points: Output from aws iam get-role in references/execution-role-setup.md.
  • Boundary markers: None implemented for the command output analysis.
  • Capability inventory: Subprocess execution via pip, python, and aws CLI.
  • Sanitization: The skill performs structural checks on the retrieved JSON but does not explicitly sanitize the content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 01:10 AM
Security Audit — agent-trust-hub — sdk-getting-started