aws-lambda-durable-functions

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • Official SDK Integration: The skill instructs the user to install official AWS SDKs (@aws/durable-execution-sdk-js and aws-durable-execution-sdk-python) from standard package registries. These are recognized vendor resources for AWS durable execution.
  • IAM and Least Privilege: Documentation includes requirements for the AWSLambdaBasicDurableExecutionRolePolicy and specific Lambda actions such as lambda:CheckpointDurableExecution. These are the standard permissions necessary for the durable execution model to function.
  • Security Best Practices: The skill explicitly documents security considerations, advising users to enable KMS encryption for CloudWatch Logs, avoid returning PII in step results, and validate external callback payloads.
  • Replay Model Determinism: A significant portion of the analysis focuses on the 'replay model', which is a fundamental architectural requirement of durable functions. The instructions correctly emphasize that non-deterministic operations (like time and random number generation) must be encapsulated within steps to maintain execution integrity.
  • Diagnostic Tooling: The troubleshooting section provides legitimate AWS CLI commands for inspecting execution history and logs. It includes a proactive warning about reviewing potentially sensitive data within execution history before displaying it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:35 PM
Security Audit — agent-trust-hub — aws-lambda-durable-functions