creating-data-lake-table
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [Infrastructure Management]: The skill utilizes standard AWS command-line tools (aws s3tables, aws glue, aws athena) and MCP server tools to manage data lake resources. These operations are conducted using the user's authenticated session.
- [Least-Privilege Guidance]: A significant portion of the skill is dedicated to ensuring secure access. The
references/access-control.mdfile provides specific ARN patterns and action lists for bucket policies and IAM roles, explicitly advising against overly broad permissions. - [Verified Identity and Region]: The instructions include a mandatory step to verify the current AWS identity using
aws sts get-caller-identity, ensuring the agent is operating within the expected account context. - [Standard Data Handling]: Schema inference and table creation logic follow data engineering best practices for Iceberg tables, with no evidence of unauthorized data exfiltration or credential harvesting.
- [No Code Execution or Obfuscation]: The analysis found no evidence of remote script execution, obfuscated content, or unauthorized dependency installations.
Audit Metadata