Serverless Security (SRVLS)

Analyze serverless applications for security vulnerabilities including overprivileged IAM policies, event data injection, secrets stored in plain-text environment variables, /tmp directory data reuse between invocations, excessive timeout configuration, and missing concurrency limits. Serverless architectures introduce unique attack surfaces where each function is an independent entry point with its own trust boundary.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

• --scope determines which files to analyze (default: changed)
• --depth standard reads code and checks function configuration
• --depth deep traces event flow across function triggers and IAM policy chains
• --severity filters output (serverless issues are often high or critical)