detecting-s3-data-exfiltration-attempts

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing AWS CLI commands to configure security logging (CloudTrail), update threat detection services (GuardDuty), and perform log queries (Athena and CloudWatch). These commands are standard and necessary for the documented security investigation tasks.
  • [SAFE]: The skill's workflow involves analyzing external data such as CloudTrail logs and GuardDuty findings, creating an indirect prompt injection surface. Ingestion points: CloudWatch Logs Insights and Athena queries in SKILL.md. Boundary markers: Absent. Capability inventory: aws CLI and SQL queries. Sanitization: Absent. This surface is expected and safe given the skill's primary purpose as a security analysis tool.
  • [SAFE]: The skill adheres to security best practices by using descriptive placeholders (e.g., ACCOUNT_ID, FINDING_IDS, vpce-ENDPOINT_ID) instead of hardcoding sensitive account-specific or environment-specific values.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 04:05 PM
Security Audit — agent-trust-hub — detecting-s3-data-exfiltration-attempts