awsclaw-cloudwatch
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive administrative control over AWS CloudWatch resources.
- The
PutResourcePolicycommand allows the agent to modify access control policies. An example in the documentation shows a highly permissive policy configuration (Principal: "*"). - Commands such as
DeleteLogGroupandDeleteLogStreamenable the permanent removal of log data. PutSubscriptionFilterallows the agent to configure the delivery of log events to other AWS services or external endpoints.- [DATA_EXFILTRATION]: The skill facilitates the retrieval of potentially sensitive information through log inspection.
- Commands like
GetLogEvents,FilterLogEvents, andStartQueryallow the agent to read arbitrary log content which may contain secrets, PII, or system details. - When combined with commands like
PutSubscriptionFilterorPutLogEvents, there is a risk that this data could be exfiltrated to unauthorized destinations. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external data.
- Ingestion points: Data enters the agent's context through log events retrieved via
GetLogEvents,FilterLogEvents, andGetQueryResults(defined inSKILL.md). - Boundary markers: The instructions lack any boundary markers (e.g., XML tags, triple backticks) or specific guidance for the agent to ignore instructions embedded within log content.
- Capability inventory: The agent has significant capabilities including resource deletion, policy modification, and log writing across multiple scripts.
- Sanitization: There is no mention of sanitizing or validating the content of logs before the agent processes them.
Audit Metadata