ferpa-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security guardrail through a mandatory credential boundary check defined in
references/credential-boundary.md. It validates that the AWS principal used for the assessment lacks write permissions (e.g.,Create,Update,Delete,Put) before executing any checks, effectively preventing accidental modifications to sensitive production environments. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute standard AWS CLI commands for infrastructure auditing. These commands are limited to read-only operations such asDescribe,Get, andList, which are necessary to evaluate the compliance posture of services like S3, RDS, and IAM. - [EXTERNAL_DOWNLOADS]: The report generation script (
scripts/generate-html-report.py) mentions an optional dependency on themarkdown2Python package. However, the script is designed with a minimal built-in fallback parser to avoid mandatory external dependencies and minimize the supply chain attack surface. - [DATA_EXFILTRATION]: No unauthorized network operations or data transmission patterns were identified. The skill processes assessment data locally and generates reports within the user's local directory structure.
Audit Metadata