cjis-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various AWS CLI commands (Describe, Get, List) to collect configuration data from the user's AWS account. This is a core part of its functionality as an audit tool.
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/generate-html-report.pyto convert the Markdown assessment results into a self-contained HTML file. - [DYNAMIC_EXECUTION]: In
references/programmatic-checks/ia-identification-authentication.md, the skill executes an inline Python script via a heredoc to calculate the rotation age of IAM access keys from a CSV report. This logic is hardcoded and used for data processing. - [DATA_EXFILTRATION]: The skill writes sensitive infrastructure metadata and findings to the local file system in the
cjis-reports/directory and/tmp/. No evidence of data transmission to external or untrusted domains was found; all network activity is directed at official AWS service endpoints. - [SAFE]: The skill implements a robust 'Credential Permission Boundary' check in
references/credential-boundary.md. It verifies that the active IAM principal does not have write, delete, or modification permissions before proceeding with the assessment, which is a significant security best practice.
Audit Metadata