cost-governance
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [SAFE]: The skill is designed for AWS cost management and demonstrates high security maturity by providing educational warnings about potential vulnerabilities.\n- [DYNAMIC_EXECUTION]: The skill processes user-defined logic strings (e.g., 'when' conditions for budget rules). It implements a secure evaluation pattern using the
simpleevallibrary, which creates a restricted AST sandbox. This prevents arbitrary code execution by disabling built-in functions, imports, and attribute access.\n- [COMMAND_EXECUTION]: The skill uses theBashtool to executeaws ce get-cost-and-usage. This is a legitimate use of the AWS CLI to fetch Cost Explorer data necessary for its primary governance function.\n- [EXTERNAL_DOWNLOADS]: The skill references MCP servers from theawslabsGitHub organization and pricing data fromanthropic.com. These are well-known, trusted technology entities, and the references are consistent with the skill's purpose.\n- [REMOTE_CODE_EXECUTION]: A YARA signature for sensitive file exfiltration viacurlwas triggered by text inSKILL.md. Technical analysis confirms this is a false positive; the snippet is contained within a 'Bad Example' block explicitly labeled '절대 하지 말 것' (Never Do This). The functional code of the skill explicitly avoids this pattern and uses a safe alternative.
Audit Metadata