The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill uses Python and Bash scripts to execute terraform commands. This allows the agent to provision cloud resources and access state files, which may contain sensitive data such as credentials or infrastructure secrets extracted via terraform show -json.\n- [EXTERNAL_DOWNLOADS] (LOW): The terraform init command, featured in the core workflow and manager scripts, downloads providers and modules from external registries. This is a standard IaC practice but involves a reliance on external third-party code.\n- [PROMPT_INJECTION] (LOW): The skill is exposed to Indirect Prompt Injection (Category 8) as it parses and acts upon HCL configuration and variable files provided in the workspace.\n
Ingestion points: .tf files, .tfvars files, and config-example.json.\n
Boundary markers: None; there are no safeguards to distinguish between configuration data and potentially malicious instructions embedded within that data.\n
Capability inventory: Management of cloud resources and state data through the terraform CLI.\n
Sanitization: None; the skill does not perform security-specific validation of the infrastructure code it processes.

terraform