deploying-custom-domain-rest-api
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution]: The skill uses
aws-cli,python3,sed, andnodeto manage AWS infrastructure. These are standard operations for infrastructure-as-code deployments. Python is specifically used to package Lambda function code into ZIP archives for deployment. - [Hardcoded Demo Credentials]: The
scripts/authorizer.mjsfile andSKILL.mdinstructions include hardcoded authorization values (headerValue1,queryValue1). The skill correctly identifies these as for demonstration purposes only, instructs the user that they are unsuitable for production, and provides guidance on using AWS Secrets Manager for production environments. - [IAM Best Practices]: The IAM trust policy in
scripts/lambda-trust-policy.jsonincludes a condition foraws:SourceAccount, which is a security best practice to prevent the 'confused deputy' problem during cross-service resource access. - [Security Headers]: The backend Lambda function (
scripts/example_function.mjs) implements security-conscious HTTP headers includingStrict-Transport-Security(HSTS),X-Content-Type-Options, andX-Frame-Options.
Audit Metadata