aws-lambda-microvms

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous examples of AWS CLI commands (e.g., aws lambda-microvms run-microvm) intended for managing the serverless infrastructure. These are documented administrative actions consistent with the skill's purpose.
  • [EXTERNAL_DOWNLOADS]: The documentation guides the user to use base images from the Amazon ECR Public Gallery (public.ecr.aws) and to install verified packages from official registries (e.g., flask via pip). These resources originate from well-known and trusted technology services.
  • [DATA_EXFILTRATION]: The skill references the standard AWS IMDSv2 metadata endpoint (169.254.169.254) as a method for the MicroVM to securely obtain temporary IAM credentials for accessing other AWS services. This is a standard and documented feature of AWS compute environments.
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill includes extensive security recommendations, such as using aws:SourceAccount condition keys to prevent the confused deputy problem and implementing CSPRNG re-seeding to ensure entropy uniqueness across VM snapshots.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 04:14 PM
Security Audit — agent-trust-hub — aws-lambda-microvms