aws-skill
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides tools for managing AWS authentication that can expose sensitive information. The
bootstrap iam-admincommand inlib/intent/bootstrap.pycreates new IAM users with administrative privileges and returns the resultingsecret_access_keyin plaintext. Additionally, thecreate_key_pairfunction inlib/services/ec2.pycan return private key material in the command output. The skill also directly modifies the user's~/.aws/credentialsand~/.aws/configfiles inlib/intent/bootstrap.pyandlib/auth.py. - [COMMAND_EXECUTION]: The skill executes external shell commands using the
subprocessmodule.lib/auth.pycallsaws login,aws configure sso, andaws configureto set up authentication.lib/services/eks.pycallsaws eks update-kubeconfigto update local Kubernetes configurations. - [DATA_EXFILTRATION]: The skill has broad read access to AWS resources and can exfiltrate data from the user's environment to the agent's context. Commands like
s3 get,lambda logs, andcloudwatch logsread data from AWS and return it to the agent. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points:
lib/services/cloudwatch.py(logs),lib/services/s3.py(object metadata),lib/services/lambda_ops.py(invocation responses). Boundary markers: None. Capability inventory: Extensive administrative AWS access, command execution, and file system writes. Sanitization: None detected.
Audit Metadata