performing-cloud-incident-containment-procedures
Audited by Socket on Apr 11, 2026
2 alerts found:
Anomaly / Security: This code is an administrative incident-containment tool that performs legitimate but high-impact AWS operations (isolation of EC2 via security groups, forensic snapshot creation, IAM credential revocation, S3 restriction). It contains no signs of obfuscation, external exfiltration, or embedded malware. The main security concern is misuse: running it with attacker or overly-broad credentials can cause destructive or disruptive changes. Review and restrict who can execute the script and ensure it is run in a controlled environment with appropriate authorization and logging.
The skill is purpose-aligned and not overtly malicious: its commands match cloud incident containment and use official cloud control planes. However, it is high risk because it empowers an AI agent to perform sensitive, potentially disruptive actions across AWS, Azure, and GCP, and includes legacy AzureAD guidance plus live response commands that should require strict human oversight.