aws-sst-development
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a security hook that automatically verifies the current AWS account identity (
aws sts get-caller-identity) before sensitive tools likesst deployare executed, reducing the risk of accidental deployment to incorrect environments. - [SAFE]: Instructional content provides high-quality security guidance, explicitly directing the use of
sst.Secretfor credentials and providing warnings against echoing secrets into logs or plaintext SSM parameters. - [SAFE]: The skill follows secure infrastructure-as-code patterns, such as mandating the use of
$interpolatefor Pulumi outputs to prevent malformed policy documents and ensuring stage-gated resource protection to prevent accidental deletion of production assets. - [SAFE]: Operational guidelines include clear instructions for state hygiene, specifically directing the deletion of temporary state files (
/tmp/state.json) because they contain sensitive account and resource identifiers. - [SAFE]: External dependencies and tools are standard for the development workflow (npm, pnpm, aws-cli, sst) and are used for their primary intended purposes without suspicious side effects.
Audit Metadata