corgiro

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a dedicated 'Prompt Injection Defense (T3)' section in SKILL.md. This section correctly identifies AWS resource metadata (tags, names, descriptions) as untrusted, attacker-controlled input and establishes mandatory rules for the agent to treat this data only as content to be reported, never as instructions to be executed.
  • [DATA_EXFILTRATION]: The skill implements a robust credential protection model. The corgiro-readonly-role.yaml CloudFormation template includes a DenySensitiveDataPlaneReads policy that explicitly blocks access to high-value data such as Secrets Manager secrets, SSM parameters, and S3 object contents, effectively preventing bulk data exfiltration even if the read-only role is compromised. Additionally, references/credential-resolution.md includes checks for disk encryption (FileVault/LUKS) before accessing local state files.
  • [DATA_EXFILTRATION]: The skill fetches AWS version lifecycle information from official AWS documentation domains (docs.aws.amazon.com). These network operations are strictly limited to well-known, trusted sources and are used for data collection rather than code execution.
  • [COMMAND_EXECUTION]: The skill generates self-contained HTML reports. To prevent cross-site scripting (XSS) attacks from malicious AWS resource metadata, the skill mandates HTML-entity escaping and truncation for all resource-derived strings before they are inserted into report templates.
  • [COMMAND_EXECUTION]: The mode-builder mode allows for the creation of new automation scripts. This is protected by a validation workflow that restricts allowed AWS CLI commands to read-only verbs (describe-*, list-*, get-*) and performs a leak scan for internal tokens or identifiers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 07:39 AM
Security Audit — agent-trust-hub — corgiro