rds-db2
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Remote Script Execution]: The skill includes instructions to download and execute setup scripts from remote sources, including the use of URL shorteners. This is a common pattern for streamlining the installation of database drivers and management tools.
- [Local Credential Caching]: Management scripts facilitate connectivity by caching database credentials in a local configuration file (
~/.db2env). Access to this file is restricted to the owner (chmod 600), and the skill provides built-in integration with AWS Secrets Manager for more robust secret management. - [Scoped Privilege Escalation]: The installation script configures sudo access for the database user, specifically limited to the binaries required for Db2 instance management. This allows for necessary administrative tasks while maintaining a restricted execution environment.
- [Managed Resource Downloads]: The skill fetches essential certificates and software packages from official AWS truststores and public S3 repositories.
- [Diagnostic Security Bypass]: A bundled Java diagnostic utility includes a trust-all SSL context. This is documented as a baseline check for troubleshooting connectivity issues and is not used in the primary connection path.
Audit Metadata