aws-cost-explorer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes the
awscommand-line utility to retrieve billing data. The implementation usessubprocess.runwith a list of arguments rather than a single shell string, which effectively prevents shell injection vulnerabilities. User-provided inputs such as dates and minimum cost thresholds are validated usingdatetime.strptimeandargparsetype casting. - DATA_EXFILTRATION (SAFE): The skill queries sensitive AWS billing information as its primary function. The data is returned directly to the agent/user, and no unauthorized external network requests or exfiltration patterns were identified.
Audit Metadata