aws-fis-experiment-prepare
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several shell scripts (
deploy-with-retry.sh,precheck-cfn-permissions.sh,rename-output-dir.sh) that execute AWS CLI and system commands (jq,mv,tr) using parameters derived from agent logic. - [REMOTE_CODE_EXECUTION]: The skill programmatically generates and deploys an AWS Lambda function within the user's account. This function uses Python to interact with the Kubernetes API to manage ServiceAccounts, Roles, and RoleBindings required for EKS pod fault injection.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and parse experiment template JSON directly from official AWS documentation pages (e.g., docs.aws.amazon.com). While these are trusted sources, the skill extracts logic and parameters from these pages to build its configurations.
- [CREDENTIALS_UNSAFE]: The skill performs sensitive IAM operations, including creating service roles, attaching managed policies, and configuring EKS Access Entries. These actions grant the FIS service permission to manipulate the user's cloud resources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data into its execution workflow.
- Ingestion points: Official AWS documentation (docs.aws.amazon.com) and local AWS resource metadata.
- Boundary markers: Absent; data is interpolated directly into templates and scripts.
- Capability inventory: CloudFormation deployment, Lambda execution, and shell script execution across all scripts.
- Sanitization: Absent; the skill relies on the structure of the ingested documentation and resource data being valid and non-malicious.
Audit Metadata