aws-bestpractice-research

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute source <credential-file-path> in the references/audit-workflow.md file, where the path is provided by the user. This operation executes any shell script content within the specified file in the current shell environment.
  • [COMMAND_EXECUTION]: The workflow constructs numerous AWS CLI commands (e.g., aws elasticache describe-replication-groups --replication-group-id {REPL_GROUP_ID}) by directly interpolating user-controlled variables. This pattern is highly susceptible to command injection if the input strings contain shell metacharacters or additional commands.
  • [CREDENTIALS_UNSAFE]: The skill's primary workflow (Step 1 and Step 8.1) explicitly prompts users to provide high-privilege AWS credentials, including environment variables, profile names, and credential file paths.
  • [COMMAND_EXECUTION]: The skill includes complex audit logic for multiple AWS services (RDS, MSK, DynamoDB, EKS) that relies on executing shell-based CLI operations with interpolated resource identifiers provided by the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 23, 2026, 06:47 AM
Security Audit — agent-trust-hub — aws-bestpractice-research