cdk-rest-api
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill establishes patterns for ingesting and processing untrusted data from external users via API Gateway (headers, body, path parameters) and pagination cursors. While this is an inherent part of API functionality, it represents a surface area for indirect injection.
  - Ingestion points: API request components are processed in `references/middleware-pattern.md`, and base64-encoded cursors are handled in `references/utilities-pattern.md`.
  - Boundary markers: The pattern explicitly recommends using Zod-based validation middleware (`validateBody`, `validateHeaders`, `validatePathParameters`) to enforce input schemas.
  - Capability inventory: Lambda functions are granted scoped access to services like Amazon S3 and SES (via `createSendEmailPolicy` in `references/node-lambda-pattern.md`), and they interact with the persistence layer through structured repositories.
  - Sanitization: The skill prioritizes Zod for input validation and provides a `RestResult` utility for consistent error handling and response shaping.
- [DYNAMIC_EXECUTION]: The pagination logic in `references/utilities-pattern.md` utilizes `JSON.parse` to decode base64-encoded strings provided by clients as cursors. While a standard implementation for continuation tokens, the skill correctly positions this within the repository layer to isolate data parsing from business logic.
Audit Metadata