aws-serverless
Enables the development of serverless applications on AWS, utilizing Lambda, API Gateway, and DynamoDB for scalable solutions.
Install this skill
Security score
The aws-serverless skill was audited on May 12, 2026 and we found 15 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 167 | ```yaml |
Template literal with variable interpolation in command context
| 348 | console.error(`Failed to process message ${record.messageId}:`, error); |
Template literal with variable interpolation in command context
| 456 | console.log(`${eventName}: `, { newImage, oldImage }); |
Template literal with variable interpolation in command context
| 612 | ```json |
Template literal with variable interpolation in command context
| 995 | ```yaml |
Template literal with variable interpolation in command context
| 1117 | Key: `uploads/${Date.now()}.file` |
Template literal with variable interpolation in command context
| 1138 | Key: `reports/${reportId}.json`, |
Template literal with variable interpolation in command context
| 1145 | Key: `reports/${reportId}.json` |
Template literal with variable interpolation in command context
| 1213 | await writeToS3(`processed/${key}`, result); |
Access to .env file
| 90 | TableName: process.env.TABLE_NAME, |
Access to .env file
| 1116 | Bucket: process.env.BUCKET_NAME, |
Access to .env file
| 1137 | Bucket: process.env.BUCKET_NAME, |
Access to .env file
| 1144 | Bucket: process.env.BUCKET_NAME, |
External URL reference
| 242 | Value: !Sub "https://${HttpApi}.execute-api.${AWS::Region}.amazonaws.com/prod" |
External URL reference
| 865 | const response = await axios.get('https://api.example.com/data', { |