aws-well-architected-review

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes programmatic checks using the AWS CLI. These commands are strictly limited to read-only operations (Describe, Get, List) to ensure no modifications are made to the user's infrastructure.
  • [EXTERNAL_DOWNLOADS]: References official AWS installation sources (e.g., awscli.amazonaws.com) for tool setup. These are well-known, trusted domains and do not pose a security risk.
  • [DATA_EXFILTRATION]: Assessment findings are saved locally in Markdown and HTML formats. An optional feature allows syncing findings to the official AWS Well-Architected Tool, which is a well-known service and part of the intended functionality.
  • [PROMPT_INJECTION]: No malicious prompt injection patterns were detected. The skill uses structured instructions to guide the agent through a predefined assessment workflow.
  • [SAFE]: Implements a robust 'Credential Permission Boundary' (defined in references/credential-boundary.md) that explicitly validates IAM credentials. It halts execution if write-capable permissions (e.g., Create, Delete, Update) are detected, ensuring a non-destructive assessment environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 02:26 AM
Security Audit — agent-trust-hub — aws-well-architected-review