setup-security-agent

Installation
SKILL.md

AWS Security Agent — Setup

This skill handles ONE thing: making sure the workspace has a working agent space, IAM service role, and S3 bucket linked together. Scans and pentests live in separate skills and assume this is done.


Local state convention

All Security Agent skills share workspace-local state at .security-agent/:

  • config.json{ "agent_space_id": "as-...", "region": "us-east-1", "code_reviews": { "<abs_path>": "cr-..." } }. Account ID, role ARN, and bucket name are derived by convention. The code_reviews map lets scans reuse the same CodeReview for a workspace.
  • scans.json — array of { scan_id, code_review_id, job_id, agent_space_id, scan_type, title, started_at, status, path } (keep last 50)
  • pentests.json — same shape, for pentest jobs
  • .gitignore — contents * so this directory stays untracked
  • findings-{scan_id}.md — written by the scan skill after each scan completes

This skill's job is to populate config.json and create .gitignore.

Derived values (convention over config)

Installs
100
GitHub Stars
1.8K
First Seen
Jun 18, 2026
setup-security-agent — aws/agent-toolkit-for-aws