deploying-custom-domain-rest-api

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [Command Execution]: The skill uses aws-cli, python3, sed, and node to manage AWS infrastructure. These are standard operations for infrastructure-as-code deployments. Python is specifically used to package Lambda function code into ZIP archives for deployment.
  • [Hardcoded Demo Credentials]: The scripts/authorizer.mjs file and SKILL.md instructions include hardcoded authorization values (headerValue1, queryValue1). The skill correctly identifies these as for demonstration purposes only, instructs the user that they are unsuitable for production, and provides guidance on using AWS Secrets Manager for production environments.
  • [IAM Best Practices]: The IAM trust policy in scripts/lambda-trust-policy.json includes a condition for aws:SourceAccount, which is a security best practice to prevent the 'confused deputy' problem during cross-service resource access.
  • [Security Headers]: The backend Lambda function (scripts/example_function.mjs) implements security-conscious HTTP headers including Strict-Transport-Security (HSTS), X-Content-Type-Options, and X-Frame-Options.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:18 PM
Security Audit — agent-trust-hub — deploying-custom-domain-rest-api