aws-observability
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Standard Command Guidance: The skill includes numerous examples of AWS CLI commands (e.g.,
aws cloudwatch put-metric-alarm,aws cloudtrail lookup-events) and SQL queries for Amazon Athena. These are standard administrative actions used for observability and troubleshooting. - CDK and Configuration Assets: The provided TypeScript (
alarm-template.ts) and YAML (otel-config.yaml) files contain best-practice configuration for the AWS Cloud Development Kit (CDK) and the AWS Distro for OpenTelemetry (ADOT). These assets utilize established libraries and official deployment patterns. - Educational Security Context: The documentation actively provides security-relevant advice, such as warning against using high-cardinality dimensions to prevent cost spikes and recommending the stripping of trace headers from untrusted requests to prevent trace injection.
- Data Ingestion Analysis: While the skill is designed to help the agent process and query observability data (logs, metrics, and traces), it does not include patterns for exfiltrating this data or performing unauthorized access. It focuses on facilitating operational visibility within the user's own AWS environment.
- Resource References: All external links point to official AWS documentation (e.g.,
docs.aws.amazon.com), which are trusted domains for service configuration and guidance.
Audit Metadata