skills/aws-samples/review-and-assessment-powered-by-intelligent-documentation/modify-cdk-workflows/Gen Agent Trust Hub
modify-cdk-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to perform local verification of CDK infrastructure changes using the command
cd cdk && npx cdk synth. - [COMMAND_EXECUTION]: After verification, the skill instructs the agent to trigger a deployment using the custom tool command
/deploy-cdk-stack. - [PRIVILEGE_ESCALATION]: The file
references/CDK-PATTERNS.mdprovides an example IAM policy that grants thebedrock:InvokeModelaction to all resources (*). While common in development samples, this represents a broad permission configuration that does not adhere to the principle of least privilege. - [INDIRECT_PROMPT_INJECTION]: This skill presents an attack surface for indirect prompt injection because it modifies existing project source code. • Ingestion points: The agent reads and modifies
review-processor.ts,checklist-processor.ts, andparameter-schema.ts. • Boundary markers: No explicit delimiters or instructions to ignore embedded code comments are provided. • Capability inventory: The agent has the capability to runcdk synthand execute deployment commands via/deploy-cdk-stack. • Sanitization: No specific sanitization or validation of the existing code content is performed before processing.
Audit Metadata