cognito
AWS Cognito user authentication and authorization service. Use when setting up user pools, configuring identity pools, implementing OAuth flows, managing user attributes, or integrating with social identity providers.
86
82%
Does it follow best practices?
Impact
90%
1.11xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Security
1 high severity finding. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.80). The prompt contains multiple code examples that hard-code client secrets, passwords, and tokens (e.g., 'client-secret', Password='SecurePassword123!', REFRESH_TOKEN values), which encourages embedding real secrets verbatim in commands or code and therefore creates an exfiltration risk.
- Repository
- itsmostafa/aws-agent-skills
- Commit
5df6da7
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.