ferpa-reviewer

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust security guardrail through a mandatory credential boundary check defined in references/credential-boundary.md. It validates that the AWS principal used for the assessment lacks write permissions (e.g., Create, Update, Delete, Put) before executing any checks, effectively preventing accidental modifications to sensitive production environments.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard AWS CLI commands for infrastructure auditing. These commands are limited to read-only operations such as Describe, Get, and List, which are necessary to evaluate the compliance posture of services like S3, RDS, and IAM.
  • [EXTERNAL_DOWNLOADS]: The report generation script (scripts/generate-html-report.py) mentions an optional dependency on the markdown2 Python package. However, the script is designed with a minimal built-in fallback parser to avoid mandatory external dependencies and minimize the supply chain attack surface.
  • [DATA_EXFILTRATION]: No unauthorized network operations or data transmission patterns were identified. The skill processes assessment data locally and generates reports within the user's local directory structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 02:26 AM
Security Audit — agent-trust-hub — ferpa-reviewer