Improve AWS GuardDuty coverage gates #2216

Open: DENGXUELIN wants to merge 1 commit into UnitOneAI:main from DENGXUELIN:improve/aws-guardduty-coverage-fixtures-1337

@DENGXUELIN

/claim #1337

Skill Improvement ($50-150 Bounty)

Related review issue: #1337

Summary

This improves aws-review by adding GuardDuty coverage evidence gates so Security Hub, CloudTrail, or CloudWatch evidence is not treated as proof of GuardDuty detector, protection-plan, Runtime Monitoring, finding-delivery, suppression-filter, or sample-destination coverage.

Changes

  • Add AWS-GD-01 through AWS-GD-08 evidence gates.
  • Require account/Region denominator, detector and delegated-admin coverage, organization auto-enable/backfill, workload-relevant protection plans, Runtime Monitoring agent/workload evidence, finding delivery and retention, suppression-filter governance, and sample finding destination proof.
  • Extend output with GuardDuty Coverage Evidence and gate results.
  • Add benchmark-checklist GuardDuty review patterns.
  • Add skill-local benign and vulnerable JSON fixtures.

Bounty Tier

  • Minor ($50) - Small improvements, typo fixes, minor clarifications
  • Moderate ($100) - Adds meaningful coverage, new validation gates, or useful fixtures
  • Substantial ($150) - Major restructuring, broad new coverage, or comprehensive test suite additions

Validation

  • git diff --cached --check
  • git diff --check origin/main...HEAD
  • JSON parse check for both fixtures
  • Markdown fence balance check
  • marker checks for AWS-GD-01 through AWS-GD-08
  • added-line realistic-secret-pattern scan
  • git merge-tree --write-tree origin/main HEAD matches HEAD^{tree}
  • fork branch created through GitHub Git Data API after HTTPS push resets; remote tree verified to match local HEAD^{tree}

Payment preference

GitHub Sponsors, if accepted.
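
The rule stated in the summary above, that Security Hub, CloudTrail or CloudWatch evidence does not prove GuardDuty coverage, shown as an added example; it is not code from this pull request or from the aws-review skill. The evidence layout, the function name, the account IDs and the filter-description rule are assumptions made for illustration; the field names follow the GuardDuty GetDetector, ListPublishingDestinations and GetFilter responses.

```python
# Added illustration: evidence layout and sample values are constructed.
# Field names mirror GuardDuty GetDetector / ListPublishingDestinations / GetFilter.
NON_GUARDDUTY_SOURCES = {"securityhub", "cloudtrail", "cloudwatch"}

def review_guardduty_coverage(denominator, evidence, required_features):
    """Return {(account, region): [gap, ...]} for every in-scope account/Region."""
    gaps = {}
    for scope in denominator:
        items = evidence.get(scope, {})
        gd = items.get("guardduty")
        if gd is None:  # adjacent-service evidence never substitutes for a detector
            others = sorted(NON_GUARDDUTY_SOURCES & items.keys())
            note = f" (only {', '.join(others)} evidence supplied)" if others else ""
            gaps[scope] = ["no GuardDuty detector evidence" + note]
            continue
        found = []
        detector = gd.get("detector", {})
        if detector.get("Status") != "ENABLED":
            found.append("detector not ENABLED")
        enabled = {f["Name"] for f in detector.get("Features", [])
                   if f.get("Status") == "ENABLED"}
        for name in sorted(set(required_features) - enabled):
            found.append(f"protection plan {name} not ENABLED")
        if not any(d.get("Status") == "PUBLISHING" for d in gd.get("destinations", [])):
            found.append("no publishing destination in PUBLISHING state")
        for flt in gd.get("filters", []):
            # Assumption: an archiving filter with no description counts as ungoverned.
            if flt.get("Action") == "ARCHIVE" and not flt.get("Description"):
                found.append(f"suppression filter {flt['Name']} has no description")
        gaps[scope] = found
    return gaps

# Constructed sample: two in-scope account/Region pairs.
DENOMINATOR = [("111111111111", "us-east-1"), ("111111111111", "eu-west-1")]
EVIDENCE = {
    ("111111111111", "us-east-1"): {"guardduty": {
        "detector": {"Status": "ENABLED", "Features": [
            {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
            {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"}]},
        "destinations": [{"DestinationType": "S3", "Status": "PUBLISHING"}],
        "filters": [{"Name": "mute-scanner", "Action": "ARCHIVE", "Description": ""}]}},
    # Security Hub shows imported findings here, but no detector was captured.
    ("111111111111", "eu-west-1"): {"securityhub": {"findings_imported": 12}},
}

if __name__ == "__main__":
    REQUIRED = ["S3_DATA_EVENTS", "RUNTIME_MONITORING"]
    for scope, found in review_guardduty_coverage(DENOMINATOR, EVIDENCE, REQUIRED).items():
        print(scope, "PASS" if not found else found)
```

Iterating over the account/Region denominator rather than over the evidence keys is what makes a Region with no captured detector show up as a gap instead of being silently skipped.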
