investigating-incidents-with-aws-devops-agent
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- Operational Command Execution: The skill provides instructions for using the
aws devops-agentCLI and associated tools to automate incident root-cause analysis. These tools are used within their intended administrative context for cloud resource management. - Local Context Data Ingestion: To improve analysis accuracy, the skill instructs the agent to gather local workspace metadata (e.g., recent git logs, diff stats, and dependency manifests like
package.json). This is a documented feature for correlating local changes with cloud incidents. - Human-in-the-Loop Requirement: The skill contains explicit safety instructions to never auto-execute code or apply infrastructure-as-code (IaC) changes from recommendations. It requires presenting a diff to the user for manual approval, which mitigates the risk of unintended modifications.
- Authentication Management: The skill describes the use of SigV4 and bearer tokens for secure communication with AWS services, adhering to standard AWS security protocols.
Audit Metadata