Skills
skills/panlm/skills/aws-best-practice-research/Snyk

aws-best-practice-research

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly runs sequential searches and page reads via the aws-knowledge-mcp-server as required (SKILL.md / Step 2–3 and README) and states it may use AWS re:Post articles (a public, user-generated forum) among its sources, and those fetched pages are read and used to build checklists and drive live assessment/remediation decisions—so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and at runtime uses the aws-knowledge-mcp-server tools (aws___search_documentation, aws___read_documentation) which fetch external documentation that is injected into the agent context and thus directly controls prompts/instructions — https://github.com/awslabs/mcp/tree/main/src/aws-knowledge-mcp-server

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 06:07 AM
Issues
2
Security Audit — snyk — aws-best-practice-research