The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by combining data ingestion with high-privilege capabilities.
Ingestion points: The GetObject command (using AsText: true) and SelectObjectContent read data from S3 objects directly into the agent's active context.
Boundary markers: There are no instructions or delimiters defined to prevent the agent from following instructions embedded within the S3 object data.
Capability inventory: The toolset includes powerful operations such as PutBucketPolicy, DeleteBucket, DeleteObject, and PutObject which could be misused if the agent is influenced by malicious data.
Sanitization: No sanitization or validation mechanisms are specified for the data retrieved from external objects.
[DATA_EXFILTRATION]: The GetObject and SelectObjectContent commands allow for the extraction of sensitive data from private S3 storage into the agent's context, where it could potentially be processed or moved.
[COMMAND_EXECUTION]: The skill exposes a wide array of AWS S3 API operations, granting the agent significant control over cloud storage infrastructure, including the ability to modify access control lists and encryption settings.

awsclaw-s3