aws-cdk-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill recommends installing 'cdk-nag' and standard AWS CDK libraries. These are trusted packages maintained by Amazon Web Services and the CDK community, used specifically for infrastructure validation and resource definition.
- COMMAND_EXECUTION (SAFE): The instructions suggest executing standard development commands like 'cdk synth', 'npm test', and a local validation script ('./scripts/validate-stack.sh'). These operations are fundamental to the intended purpose of the skill and do not involve suspicious or unauthorized command patterns.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file path access (e.g., ~/.aws/credentials), or unauthorized network exfiltration patterns were detected. The skill actively promotes security best practices such as account-level isolation.
- PROMPT_INJECTION (SAFE): The skill does not contain instructions designed to override agent behavior, bypass safety filters, or reveal system prompts.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill is designed to process user-provided CDK infrastructure code (an ingestion point for untrusted data), it includes guidance on using 'cdk-nag' for security audits and validation, which acts as a mitigation strategy for potential misconfigurations.
Audit Metadata