aws-cli-beast

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines numerous shell functions and aliases in scripts/aws-blast.sh and references/automation-patterns.md that directly interpolate positional parameters (such as $1, $2) into AWS CLI commands. Examples include the awsprof, stop-env, and aws-tag functions. This pattern creates a surface for shell command injection if user-provided strings are passed directly into these commands without sanitization by the agent.
  • [CREDENTIALS_UNSAFE]: The documentation in references/automation-patterns.md includes an alias aws-profiles that executes a cat command on ~/.aws/config. Access to files in the sensitive .aws directory is a data exposure risk, even when used for legitimate profile management.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted user input and interpolates it into powerful shell commands via the Bash tool without explicitly defining boundary markers or implementing sanitization logic in the provided templates.
      • Ingestion points: User-supplied values for resource IDs, tags, profiles, and region names enter the context via agent prompts (referenced in SKILL.md and scripts/aws-blast.sh).
      • Boundary markers: The instructions do not specify any delimiters or warnings to ignore embedded instructions in the processed data.
      • Capability inventory: The skill explicitly requests and uses Bash and Write capabilities for executing AWS commands and generating scripts.
      • Sanitization: There is no evidence of input validation or escaping for the user-supplied strings before they are injected into shell aliases or functions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 12:20 PM