100Critical
The skill poses a security risk by attempting to access sensitive credential file paths, potentially leading to unauthorized exposure of AWS access keys and environment secrets.
Skill Info
Namehashicorp/agent-skills/aws-ami-builder
Registrygithub
Version339a11393581
PURLpkg:github/hashicorp/agent-skills@339a11393581?skill=aws-ami-builder
Stars677
Installs1,500
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
1,500 installs
Skills.shDocs
npx skills add https://github.com/hashicorp/agent-skillsAssessments (2)
AI Agent Traps ↗Access to known credential file paths detectedcriticalcredential theftAML.T0055AML.T0037LLM02:2025
Access to known credential file paths detected
100% confidenceline 126
~/.aws/credentials
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/hashicorp/agent-skills/aws-ami-builder)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/hashicorp/agent-skills/aws-ami-builder"><img src="https://mondoo.com/ai-agent-security/api/badge/github/hashicorp/agent-skills/aws-ami-builder.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/hashicorp/agent-skills/aws-ami-builder.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow