aws-serverless-eda

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill configuration presents a surface for indirect prompt injection (Category 8). It is designed to ingest and act upon data from external sources such as SQS and SNS messages, EventBridge events, and Lambda outputs. The skill does not provide specific instructions to the agent regarding the use of boundary markers or sanitization techniques to differentiate between data and instructions within these payloads. This is significant because the skill also grants the agent capabilities to perform management and orchestration actions on AWS infrastructure.
    • Ingestion points: Event data from Amazon SQS, Amazon SNS, Amazon EventBridge, and AWS Lambda function outputs.
    • Boundary markers: Absent. The skill lacks instructions for the agent to encapsulate untrusted data within delimiters or ignore embedded instructions.
    • Capability inventory: Lifecycle management of serverless projects via SAM CLI, Lambda function invocation, Step Functions orchestration, and messaging operations via SNS/SQS.
    • Sanitization: No instructions are provided for the agent to validate or filter data from external sources before using it in decision-making or workflow execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:29 AM