database-cloud-optimization-cost-optimize

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides Python code and templates designed to modify cloud infrastructure, including stopping and starting instances (ec2.stop_instances, ec2.start_instances) and changing instance types (ec2.modify_instance_attribute).
  • [DATA_EXFILTRATION]: The skill requests and processes sensitive cloud financial data and resource usage metadata through APIs like AWS Cost Explorer (ce.get_cost_and_usage) and CloudWatch. This data includes detailed spending patterns and resource identifiers.
  • [REMOTE_CODE_EXECUTION]: The implementation playbook contains multiple methods (e.g., create_rightsizing_automation, create_spot_configuration) that generate and return large blocks of executable Python, Terraform, and YAML code as string literals, which could lead to code injection if inputs are not strictly controlled.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external, potentially attacker-influenced sources (cloud APIs and logs) and uses that data to drive high-impact infrastructure changes.
  • Ingestion points: Data is ingested from the AWS Cost Explorer, CloudWatch, EC2, S3, and CloudTrail APIs in resources/implementation-playbook.md.
  • Boundary markers: There are no explicit instructions or delimiters used to separate data from instructions when the agent processes API outputs.
  • Capability inventory: The skill includes scripts for modifying instances, S3 lifecycle policies, Lambda concurrency settings, and network configurations.
  • Sanitization: No input validation or sanitization of the data retrieved from external APIs is implemented before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 03:42 AM