implementing-zero-standing-privilege-with-cyberark

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECREDENTIALS_UNSAFE
Full Analysis
  • [SAFE]: The core functionality of the skill is centered on security auditing and migration to a zero-trust architecture, with scripts performing legitimate API calls to AWS and CyberArk.
  • [CREDENTIALS_UNSAFE]: The scripts/agent.py script takes sensitive credentials (username and password) via command-line arguments. This is an insecure practice as it can lead to credential exposure in process listings and shell history.
  • [SAFE]: The scripts/agent.py script bypasses SSL certificate verification and suppresses warnings using urllib3.disable_warnings. While this facilitates operation in environments with internal certificates, it is a deviation from standard transport security practices.
  • [SAFE]: The skill utilizes standard, reputable libraries including boto3 and requests for cloud resource auditing and HTTP communications.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 11:33 PM
Security Audit — agent-trust-hub — implementing-zero-standing-privilege-with-cyberark