remediating-with-aws-security-agent

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Sensitive Data Handling: The skill processes AWS Security Agent findings, which may contain sensitive exploit scripts or reproduction steps. To mitigate potential exposure, it enforces storage in a gitignored local directory (.security-agent/) and limits the amount of detail shared in chat sessions to high-level summaries.\n- Command Execution: This skill utilizes the aws CLI to interact with AWS Security Agent services. These operations include listing agent spaces, pentests, and code reviews, as well as fetching finding summaries and details. This behavior is consistent with the skill's intended purpose for managing AWS security resources.\n- Automated Remediation Surface: The skill is designed to apply code fixes based on remediation suggestions from the Security Agent. It uses a structured triage process and requires explicit user confirmation before applying any changes through the editor tool.\n- Environment Awareness: The skill executes git remote -v and reads standard project manifests (such as package.json or pyproject.toml) to identify the local application context. This information is used solely to match the repository with its corresponding security scan in the AWS account.\n- Indirect Instruction Processing (Vulnerability Surface): This skill ingests findings from external AWS APIs. While these sources are managed, the agent is instructed to summarize these findings for the user. (Ingestion: AWS Security Agent API; Boundary Markers: Explicit instructions to keep sensitive details out of chat; Capability Inventory: File creation, editor modifications, shell execution via AWS CLI; Sanitization: Confidence-based filtering of results).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:17 AM
Security Audit — agent-trust-hub — remediating-with-aws-security-agent