rds-oss

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [Provisioning and Configuration]: The skill guides the agent in creating RDS instances with secure-by-default configurations, such as mandatory storage encryption and the use of AWS Secrets Manager for master user passwords. It explicitly prohibits destructive operations on existing resources without user confirmation.\n- [System Command Execution]: For database health and upgrade prechecks, the skill utilizes AWS Systems Manager (SSM) Run Command. These interactions are documented with clear security protocols, including the use of IAM database authentication and the avoidance of plaintext credentials in command history.\n- [Data Ingestion and Processing]: The skill processes metadata and metrics from AWS service APIs and SQL query outputs. While this creates a surface for indirect data influence, the skill's instructions require the agent to report factual results and follow strict boundary markers, mitigating potential risks.\n- [Included Utility Scripts]: A bundled Python script provides cost analysis by querying AWS pricing APIs. The script is transparent, uses standard libraries, and performs only read-only operations to support its advisory function.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 10:55 PM
Security Audit — agent-trust-hub — rds-oss