aws-lambda-microvms

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Interactive Shell Access Capability: The skill documents the use of the SHELL_INGRESS network connector, which enables interactive PTY access over WebSockets (via websocat). This is a powerful feature for debugging and agent-driven workflows that requires careful IAM scoping and management of short-lived authentication tokens.
  • Enhanced Operating System Capabilities: The platform allows users to grant ALL Linux capabilities to the container environment. While necessary for specific operations like FUSE mounts or eBPF tracing, this configuration increases the potential attack surface within the Firecracker isolation boundary.
  • Dynamic Container Execution: The core workflow involves building OCI images from user-supplied Dockerfiles and S3 artifacts. This represents a managed execution environment for code, and users should ensure that the buildRoleArn and executionRoleArn follow the principle of least privilege.
  • Sensitive Credential Management: The skill utilizes AWS IMDSv2 to securely provide execution role credentials to the guest environment. It correctly advises against baking secrets into environment variables and recommends using AWS SDKs to handle credential rotation and fetching from Secrets Manager or SSM Parameter Store.
  • Snapshot Uniqueness and Entropy: The documentation provides clear guidance on the 'uniqueness problem,' where memory and disk state are shared across all instances launched from the same snapshot. It highlights the importance of using CSPRNGs and implementing /run hooks to re-seed randomness and rotate secrets upon resume to prevent predictable states.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:55 AM
Security Audit — agent-trust-hub — aws-lambda-microvms