rds-db2

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Remote Script Execution]: The skill includes instructions to download and execute setup scripts from remote sources, including the use of URL shorteners. This is a common pattern for streamlining the installation of database drivers and management tools.
  • [Local Credential Caching]: Management scripts facilitate connectivity by caching database credentials in a local configuration file (~/.db2env). Access to this file is restricted to the owner (chmod 600), and the skill provides built-in integration with AWS Secrets Manager for more robust secret management.
  • [Scoped Privilege Escalation]: The installation script configures sudo access for the database user, specifically limited to the binaries required for Db2 instance management. This allows for necessary administrative tasks while maintaining a restricted execution environment.
  • [Managed Resource Downloads]: The skill fetches essential certificates and software packages from official AWS truststores and public S3 repositories.
  • [Diagnostic Security Bypass]: A bundled Java diagnostic utility includes a trust-all SSL context. This is documented as a baseline check for troubleshooting connectivity issues and is not used in the primary connection path.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 10:22 AM
Security Audit — agent-trust-hub — rds-db2