aws-lambda-microvms
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Interactive Shell Access Capability: The skill documents the use of the
SHELL_INGRESSnetwork connector, which enables interactive PTY access over WebSockets (viawebsocat). This is a powerful feature for debugging and agent-driven workflows that requires careful IAM scoping and management of short-lived authentication tokens. - Enhanced Operating System Capabilities: The platform allows users to grant
ALLLinux capabilities to the container environment. While necessary for specific operations like FUSE mounts or eBPF tracing, this configuration increases the potential attack surface within the Firecracker isolation boundary. - Dynamic Container Execution: The core workflow involves building OCI images from user-supplied Dockerfiles and S3 artifacts. This represents a managed execution environment for code, and users should ensure that the
buildRoleArnandexecutionRoleArnfollow the principle of least privilege. - Sensitive Credential Management: The skill utilizes AWS IMDSv2 to securely provide execution role credentials to the guest environment. It correctly advises against baking secrets into environment variables and recommends using AWS SDKs to handle credential rotation and fetching from Secrets Manager or SSM Parameter Store.
- Snapshot Uniqueness and Entropy: The documentation provides clear guidance on the 'uniqueness problem,' where memory and disk state are shared across all instances launched from the same snapshot. It highlights the importance of using CSPRNGs and implementing
/runhooks to re-seed randomness and rotate secrets upon resume to prevent predictable states.
Audit Metadata