cjis-reviewer

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various AWS CLI commands (Describe, Get, List) to collect configuration data from the user's AWS account. This is a core part of its functionality as an audit tool.
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/generate-html-report.py to convert the Markdown assessment results into a self-contained HTML file.
  • [DYNAMIC_EXECUTION]: In references/programmatic-checks/ia-identification-authentication.md, the skill executes an inline Python script via a heredoc to calculate the rotation age of IAM access keys from a CSV report. This logic is hardcoded and used for data processing.
  • [DATA_EXFILTRATION]: The skill writes sensitive infrastructure metadata and findings to the local file system in the cjis-reports/ directory and /tmp/. No evidence of data transmission to external or untrusted domains was found; all network activity is directed at official AWS service endpoints.
  • [SAFE]: The skill implements a robust 'Credential Permission Boundary' check in references/credential-boundary.md. It verifies that the active IAM principal does not have write, delete, or modification permissions before proceeding with the assessment, which is a significant security best practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 02:26 AM
Security Audit — agent-trust-hub — cjis-reviewer