aws-cost-optimize
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various AWS CLI commands (e.g., `aws ec2 describe-instances`, `aws cloudwatch get-metric-statistics`, `aws ce get-cost-and-usage`) to inspect infrastructure and verify costs. These operations are limited to read-only resource discovery and metrics collection, which is necessary for identifying optimization targets.
- [EXTERNAL_DOWNLOADS]: The skill uses `fetch` to retrieve cost optimization guidelines from official AWS documentation (docs.aws.amazon.com). This is a trusted source used solely to provide reference material for the analysis.
- [DATA_EXFILTRATION]: The tool processes sensitive configuration and cost data from the user's AWS account. This data is used to generate recommendations that are subsequently posted as issues in a user-identified GitHub repository. The information transfer is transparent and follows the primary purpose of the skill.
- [PROMPT_INJECTION]: The skill processes untrusted external content and local files, creating a surface for indirect prompt injection.
- Ingestion points: Fetched AWS documentation and local IaC files (`.tf`, `.yaml`, `.ts`, etc.) as defined in `SKILL.md`.
- Boundary markers: No specific delimiters are defined to separate untrusted content from agent instructions.
- Capability inventory: AWS CLI execution, local file system read access, and GitHub issue creation via an MCP server.
- Sanitization: No explicit validation or filtering is performed on the ingested documentation or configuration data.
Audit Metadata