migrating-python-udfs

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the AWS CLI to interact with Redshift, Lambda, and IAM. It executes shell commands to list clusters, update Lambda function code, and manage Redshift Data API statements. These operations are core to the migration process and follow standard AWS administrative patterns.
  • [PRIVILEGE_ESCALATION]: The skill documents and performs necessary privilege adjustments, such as granting superuser access (CREATEUSER) to IAM-mapped users and updating IAM trust policies to allow redshift-serverless.amazonaws.com to assume roles. These are valid prerequisites for creating Redshift External Functions and are performed with user consent.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from database metadata.
  • Ingestion points: Redshift system tables pg_proc and python_udf_inventory via references/discovery-queries.md.
  • Boundary markers: The instructions do not define explicit delimiters or escaping for database metadata when interpolating it into shell commands or Python scripts.
  • Capability inventory: The skill has the capability to execute shell commands (aws CLI), write local files for migration output, and deploy remote code to AWS Lambda.
  • Sanitization: No explicit sanitization or validation of function names or definitions is documented before they are used in code generation or CLI execution.
  • Contextual Mitigation: The vulnerability surface is mitigated by Phase 5 of the workflow, which requires the agent to present a full migration plan and wait for explicit human approval before any deployment occurs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:39 PM
Security Audit — agent-trust-hub — migrating-python-udfs