aws-lambda-microvms
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples of AWS CLI commands (e.g.,
aws lambda-microvms run-microvm) intended for managing the serverless infrastructure. These are documented administrative actions consistent with the skill's purpose. - [EXTERNAL_DOWNLOADS]: The documentation guides the user to use base images from the Amazon ECR Public Gallery (
public.ecr.aws) and to install verified packages from official registries (e.g.,flaskviapip). These resources originate from well-known and trusted technology services. - [DATA_EXFILTRATION]: The skill references the standard AWS IMDSv2 metadata endpoint (
169.254.169.254) as a method for the MicroVM to securely obtain temporary IAM credentials for accessing other AWS services. This is a standard and documented feature of AWS compute environments. - [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill includes extensive security recommendations, such as using
aws:SourceAccountcondition keys to prevent the confused deputy problem and implementing CSPRNG re-seeding to ensure entropy uniqueness across VM snapshots.
Audit Metadata