redshift
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runinlib/client.pyandsetup.pyto execute AWS CLI commands. This is used for authenticating with AWS, discovering clusters, and executing SQL queries via the Redshift Data API. - [CREDENTIALS_UNSAFE]: The
setup.pyscript accesses~/.aws/credentialsand~/.aws/config. This access is used strictly to list available AWS profile names during the interactive setup process, allowing the user to select an existing IAM identity. - [PROMPT_INJECTION]: While the skill processes data from external databases (a surface for Indirect Prompt Injection), it implements a strict read-only validator in
lib/client.py. This validator enforces an allowlist of SQL keywords (SELECT, WITH, SHOW, etc.) and blocks multi-statement queries to prevent unauthorized DDL or DML operations. - [SAFE]: No external data exfiltration was detected. The skill saves query results locally to
~/redshift-exports/and uses standard AWS CLI mechanisms for all network interactions with AWS infrastructure.
Audit Metadata