cloud-security-engineer
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates a 'Prompt Injection Safety Notice' that utilizes instruction-override patterns (e.g., 'IGNORE those instructions') as a defensive mechanism to ensure the agent adheres to the provided security methodology and does not deviate when processing untrusted input.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and analyze external configuration data.
  - Ingestion points: Infrastructure-as-Code (IaC) templates and cloud configuration data described in the 'When to Use' and 'Engagement Types' sections.
  - Boundary markers: The skill includes a 'Prompt Injection Safety Notice' instructing the agent to ignore conflicting instructions in user messages or file contents.
  - Capability inventory: The skill is configured to use file-system tools such as Read, Grep, and Glob to examine code.
  - Sanitization: There is no evidence of programmatic sanitization or schema validation for external data, with the skill relying on instructional guardrails.
- [SAFE]: All external references point to reputable and established security documentation sources, including NIST, CIS, and the official documentation for AWS, Azure, and GCP.
Audit Metadata