aws-serverless-eda
Provides expert guidance for building serverless applications and event-driven architectures on AWS using best practices.
Install this skill
Security score
The aws-serverless-eda skill was audited on Mar 1, 2026 and we found 16 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 568 | ### Pattern 5: Webhook Processing |
Webhook reference - potential data exfiltration
| 570 | Handle external webhooks: |
Webhook reference - potential data exfiltration
| 573 | // API Gateway endpoint for webhooks |
Webhook reference - potential data exfiltration
| 574 | const webhookApi = new apigateway.RestApi(this, 'WebhookApi', { |
Webhook reference - potential data exfiltration
| 575 | restApiName: 'webhooks', |
Webhook reference - potential data exfiltration
| 578 | const webhook = webhookApi.root.addResource('webhook'); |
Webhook reference - potential data exfiltration
| 579 | webhook.addMethod('POST', new apigateway.LambdaIntegration(webhookFunction, { |
Webhook reference - potential data exfiltration
| 584 | // Lambda handler validates and queues webhook |
Webhook reference - potential data exfiltration
| 586 | // Validate webhook signature |
Access to .env file
| 135 | Bucket: process.env.BUCKET_NAME, |
Access to .env file
| 236 | TableName: process.env.TABLE_NAME, |
Access to .env file
| 250 | TableName: process.env.TABLE_NAME, |
Access to .env file
| 444 | TableName: process.env.EVENT_STORE, |
Access to .env file
| 455 | TableName: process.env.EVENT_STORE, |
Access to .env file
| 594 | QueueUrl: process.env.QUEUE_URL, |
External URL reference
| 745 | - **AWS Serverless Workshops**: https://serverlessland.com/learn?type=Workshops |
Install this skill with one command
/learn @zach-source/aws-serverless-eda