aws-cdk-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill suggests installing 'cdk-nag' via npm. This is a reputable tool from the 'cdklabs' organization for infrastructure auditing.
  • [COMMAND_EXECUTION] (SAFE): The skill references a local validation script './scripts/validate-stack.sh'. This is a standard architectural pattern for IaC projects to ensure synthesis success and policy compliance.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Ingests external data through AWS documentation MCP servers. Evidence Chain: 1. Ingestion points: 'mcp__aws-mcp__aws___read_documentation'. 2. Boundary markers: Absent. 3. Capability inventory: 'cdk synth' and local script execution. 4. Sanitization: Absent. The risk is considered low due to the trusted nature of AWS documentation sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM