skills/mukul975/anthropic-cybersecurity-skills/detecting-s3-data-exfiltration-attempts/Gen Agent Trust Hub
detecting-s3-data-exfiltration-attempts
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The scripts/agent.py file executes AWS CLI commands via subprocess.run for security auditing purposes. This implementation uses safe argument lists and avoids shell execution, preventing command injection.
- [PROMPT_INJECTION]: The skill handles untrusted data from CloudTrail logs, creating an indirect prompt injection surface. The agent mitigates this by truncating sensitive log fields like user_agent and object keys to prevent overflow or manipulation of the agent's logic.
- [SAFE]: The skill does not contain hardcoded credentials, unauthorized network activity, or obfuscation. The behavior matches the stated purpose of cloud security monitoring.