aws-skill

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides tools for managing AWS authentication that can expose sensitive information. The bootstrap iam-admin command in lib/intent/bootstrap.py creates new IAM users with administrative privileges and returns the resulting secret_access_key in plaintext. Additionally, the create_key_pair function in lib/services/ec2.py can return private key material in the command output. The skill also directly modifies the user's ~/.aws/credentials and ~/.aws/config files in lib/intent/bootstrap.py and lib/auth.py.
  • [COMMAND_EXECUTION]: The skill executes external shell commands using the subprocess module. lib/auth.py calls aws login, aws configure sso, and aws configure to set up authentication. lib/services/eks.py calls aws eks update-kubeconfig to update local Kubernetes configurations.
  • [DATA_EXFILTRATION]: The skill has broad read access to AWS resources and can exfiltrate data from the user's environment to the agent's context. Commands like s3 get, lambda logs, and cloudwatch logs read data from AWS and return it to the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: lib/services/cloudwatch.py (logs), lib/services/s3.py (object metadata), lib/services/lambda_ops.py (invocation responses). Boundary markers: None. Capability inventory: Extensive administrative AWS access, command execution, and file system writes. Sanitization: None detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 09:07 AM
Security Audit — agent-trust-hub — aws-skill