aws-cdk-development
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash commands for AWS CDK and CLI operations, such as
cdk deployandaws sts get-caller-identity. These are standard tools for the primary purpose of infrastructure management and deployment validation. The use of identity checks is a positive security practice. - [INDIRECT_PROMPT_INJECTION]: A vulnerability surface exists due to the ingestion of documentation and project files.
- Ingestion points: Accesses AWS documentation via MCP and reads project files like
package.jsonthrough thevalidate-stack.shscript. - Boundary markers: No delimiters wrap retrieved data or file contents to distinguish them from core instructions.
- Capability inventory: Shell access allows execution of infrastructure deployment tools (npm, npx, cdk).
- Sanitization: No validation or sanitization of external content is performed before processing.
- [EXTERNAL_DOWNLOADS]: Recommends the use of the
cdk-nagauditing tool from official sources, which is a common security best practice in the CDK ecosystem.
Audit Metadata