aws-review

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill utilizes the Glob tool to identify the location of highly sensitive files such as **/.aws/credentials and .env files. While this is an expected task for a security audit to find hardcoded secrets, the access to these sensitive paths is identified as a data exposure risk. The risk of exfiltration is mitigated by the skill's restricted toolset, which excludes network operations.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing external, untrusted infrastructure-as-code and policy files. The mandatory evidence chain is:
      1. Ingestion points: Discovered IaC files (Terraform, CloudFormation, JSON policies) are read into the context.
      2. Boundary markers: The 'Prompt Injection Safety Notice' section defines how to treat untrusted content.
      3. Capability inventory: The skill is restricted to Read, Grep, and Glob tools.
      4. Sanitization: Instructions explicitly mandate the agent to ignore directives embedded in the files and treat all content strictly as data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 02:07 AM