Trust Assessment
pulumi-cdk-to-pulumi received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings: Potential Command Injection via Unsanitized Parameters; Unpinned External Tool Dependencies Introduce Supply Chain Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized Parameters.** The skill instructs the agent to execute shell commands (`aws cloudformation list-stack-resources`, `pulumi config set`) where parameters like `<region>` and `<stack>` are derived from dynamic sources (user input, `cdk.out/manifest.json`). If these parameters are not properly sanitized before being interpolated into the command string, an attacker could inject malicious shell commands. For example, a specially crafted stack name or region could lead to arbitrary code execution on the agent's host. Remediation: ensure all parameters derived from user input or external files are strictly validated and sanitized (e.g., using allow-lists for regions, escaping shell metacharacters) before being used in shell commands. Prefer tool-specific APIs or libraries for interacting with AWS and Pulumi configuration rather than direct shell command execution where possible, as these often handle sanitization internally. | LLM | SKILL.md:59 |
| HIGH | **Unpinned External Tool Dependencies Introduce Supply Chain Risk.** The skill relies on several external tools (`npx cdk`, `cdk2pulumi`, `cdk-importer`, `jq`) without specifying version pinning or secure installation methods. This introduces a significant supply chain risk: if any of these tools or their distribution channels (e.g., the npm registry for `cdk`) are compromised, the agent could execute malicious code when attempting to run these unpinned dependencies. The instructions do not provide guidance on how to mitigate this risk. Remediation: pin all external tool dependencies to specific, known-good versions (e.g., `npx cdk@1.2.3 synth`). Implement secure installation practices, such as using checksums or private registries, to ensure the integrity of downloaded tools. For `cdk2pulumi` and `cdk-importer`, specify how these tools should be installed and managed securely, ideally within a controlled environment. | LLM | SKILL.md:45 |
Full report: https://skillshield.io/report/7250869e059fd4ee
Powered by SkillShield