troubleshooting-application-failures
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- AWS Resource Interaction: The skill uses standard AWS CLI commands (
aws logs describe-log-groups,aws logs start-query, etc.) to interact with CloudWatch logs. These are restricted to the user's provided region and application context. - Least Privilege Guidance: It appropriately lists the specific IAM permissions required for the skill to function (
logs:DescribeLogGroups,logs:DescribeLogStreams,logs:StartQuery,logs:GetQueryResults), which aligns with security best practices. - Data Handling: Log data is processed within the agent's context to identify error patterns and stack traces. There is no evidence of data exfiltration or transmission to non-AWS or third-party domains.
- Input Validation: The skill includes checks for required parameters (
application_name,region) and validates the existence of log groups and streams before attempting queries, preventing unnecessary API calls or execution errors.
Audit Metadata