migration-to-aws

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: Implements comprehensive secret handling and redaction protocols. The discovery logic in discover-iac.md and discover-app-code.md automatically identifies and redacts sensitive patterns like passwords and API keys, and skips credential-heavy files like .env or credentials.json entirely.
  • [SAFE]: Telemetry collection for the optional feedback phase is designed for privacy. The feedback-trace.md builder strictly filters out resource names, account IDs, and specific configuration values, producing a minified JSON object that the user must manually share.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run common infrastructure and cloud CLI tools, including terraform, aws, gcloud, and docker, which are necessary for its primary function of planning and executing a cloud migration.
  • [SAFE]: Uses localized script execution for data processing tasks. For example, discover.md generates a local Python script for efficient billing data extraction, avoiding the need for remote code execution or pulling large raw data files into the model's immediate context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 10:46 AM
Security Audit — agent-trust-hub — migration-to-aws