aws-step-functions
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: No malicious instruction overrides or bypass attempts were detected. The instructions maintain standard operational guidance.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. All examples use standard AWS documentation placeholders, such as the '123456789012' account ID.
- [COMMAND_EXECUTION]: The skill documents the use of the
aws stepfunctions test-stateAPI for unit testing state machine logic. - Evidence: The file
references/validation-and-testing.mdincludes a 'Before Accessing AWS' protocol that mandates the agent ask for user permission, verify the caller identity, and confirm the IAM role before execution. - [DATA_EXFILTRATION]: Documentation is provided for debugging HTTP Tasks using the
--reveal-secretsflag. - Evidence: The skill correctly identifies this as a sensitive operation, explicitly listing the required
states:RevealSecretsIAM permission and warning the user never to commit the output to version control.
Audit Metadata