detecting-aws-iam-privilege-escalation

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes IAM policy documents which are external, potentially untrusted data sources.
      • Ingestion points: The script scripts/agent.py retrieves comprehensive IAM authorization details and policy definitions from AWS using the boto3 library or from user-provided JSON files via the --input-file argument.
      • Boundary markers: There are no explicit delimiters or sanitization steps in the instructions to ensure that the agent distinguishes between the data being analyzed and the instructions it should follow, potentially allowing embedded natural language instructions in policy fields to be executed.
      • Capability inventory: The skill has the capability to interact with AWS APIs and write findings to the local filesystem.
      • Sanitization: The tool performs structural analysis of policies but does not sanitize text-based fields such as policy names or descriptions before they are included in the generated JSON report.
  • [EXTERNAL_DOWNLOADS]: The skill documentation refers to well-known third-party security tools and suggests their installation via standard package managers.
      • Evidence: SKILL.md and references/api-reference.md recommend installing cloudsplaining and parliament using pip for enhanced report generation and policy linting.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:04 PM