securing-serverless
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation includes numerous examples of cloud CLI commands (AWS, GCP, Azure) for sensitive operations like creating IAM users, attaching administrative policies, and modifying function configurations. These are provided as part of educational 'Attack Scenarios' and audit procedures.
- [REMOTE_CODE_EXECUTION]: The skill provides example payloads and vulnerable code snippets (e.g., misuse of `eval()` in Python and JavaScript) to demonstrate how remote code execution and reverse shells are achieved in serverless environments, followed by secure coding remediations.
- [EXTERNAL_DOWNLOADS]: The guide describes downloading security auditing tools like `osv-scanner` from Google's official GitHub repository and cloning `semgrep-rules` for static analysis. These are trusted sources and standard practice for security-focused tasks.
- [DATA_EXFILTRATION]: Includes examples of malicious payloads designed to exfiltrate environment variables and sensitive files to external servers (using `curl` and `wget`), presented for educational purposes to illustrate information leakage risks.
- [CREDENTIALS_UNSAFE]: Contains placeholder credentials, session tokens, and passwords within the documentation and code examples to clarify how authentication secrets are handled and potentially exploited.
Audit Metadata