setup-security-agent

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • IAM Role and Policy Management: The skill automates the creation and configuration of the SecurityAgentScanRole IAM role using the AWS CLI. This includes sensitive actions such as iam:CreateRole and iam:PutRolePolicy. These steps are central to the setup process and incorporate security controls like an aws:SourceAccount condition in the trust policy to prevent confused deputy scenarios.
  • S3 Bucket Provisioning and Security: It provisions a dedicated S3 bucket for security scan artifacts. The skill explicitly applies a public access block (BlockPublicAcls, BlockPublicPolicy, etc.) and a 30-day lifecycle expiration policy, which are proactive measures for data protection and storage management.
  • Standard Command Execution: The skill utilizes standard AWS CLI commands to verify identity and manage cloud resources. These operations are scoped to the requirements of the Security Agent setup and do not involve unconventional or high-risk execution patterns.
  • Local State Management: The skill maintains a .security-agent/ directory to store local configuration. It includes a .gitignore file to ensure that local workspace configuration remains untracked by version control systems, preventing accidental exposure of configuration metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:17 AM
Security Audit — agent-trust-hub — setup-security-agent