aws-serverless
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill utilizes environment variables (e.g., process.env.TABLE_NAME) for resource configuration, which is a standard AWS best practice. While code snippets include error logging that outputs stack traces to console.error, this is typical for development templates and does not constitute a security violation in this context.
- [INDIRECT_PROMPT_INJECTION]: The provided Lambda handlers ingest untrusted data from event.body and SQS record.body.
  - Ingestion points: handler.js and processor.js parse JSON from event bodies.
  - Boundary markers: None present in the code snippets.
  - Capability inventory: The templates demonstrate DynamoDB read/write operations and SQS message processing.
  - Sanitization: The snippets show basic JSON.parse usage without explicit schema validation, which is an expected starting point for template code. This represents a typical attack surface for serverless functions rather than a malicious intent within the skill itself.
- [EXTERNAL_DOWNLOADS]: The skill references standard AWS SDKs for Node.js and Python. These are well-known, trusted libraries provided by Amazon Web Services and are necessary for the skill's stated purpose.
Audit Metadata