AWS CloudWatch

The skill is designed to query AWS CloudWatch metrics. It is classified as suspicious due to two main vulnerabilities. First, it implements AWS SigV4 signing manually in `src/cli.mjs`, a complex cryptographic protocol that is highly prone to subtle security flaws if not perfectly implemented. Second, `src/skill.mjs` uses `child_process.spawnSync` with `shell: true` on Windows, directly forwarding user-controlled arguments, which creates a shell injection vulnerability allowing arbitrary command execution if malicious input is provided (e.g., via prompt injection against the agent).