pulumi-cdk-to-pulumi

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes aws, cdk, pulumi, and jq commands to inspect infrastructure, synthesize templates, and manage the migration lifecycle.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs official Pulumi plugins (cdk2pulumi, cdk-importer) using the Pulumi CLI and fetches technical documentation from Pulumi's official website.
  • [PROMPT_INJECTION]: Ingests and processes CDK artifacts and AWS resource metadata, which constitutes an indirect injection surface when dealing with untrusted codebases.
    • Ingestion points: cdk.out/manifest.json, *.assets.json, cdk.json, package.json, and output from aws cloudformation list-stack-resources.
    • Boundary markers: Absent.
    • Capability inventory: Shell execution (aws, cdk, pulumi, jq) and file system access (writing Pulumi.yaml and import.json).
    • Sanitization: Not explicitly implemented in instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 09:01 AM