terraform-aws
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the 'awslabs.aws-pricing-mcp-server' using the uvx package runner. This resource is provided by the well-known AWS Labs organization.
- [COMMAND_EXECUTION]: The skill includes several shell script templates for common infrastructure tasks:
  - An environment resolution script in 'references/cicd-patterns.md' for sanitizing branch names in CI/CD pipelines.
  - A resource cleanup script in 'references/cicd-patterns.md' that utilizes the AWS CLI to find and destroy orphaned resources.
  - Drift detection logic in 'references/cicd-patterns.md' using the 'terraform plan' command.
- [PROMPT_INJECTION]: Identification of an indirect prompt injection surface:
  - Ingestion points: The 'analyze_terraform_project' tool (recommended in 'SKILL.md') is designed to scan user-provided Terraform project files.
  - Boundary markers: The instructions do not define specific delimiters or instructions to prevent the analyzing agent from following commands embedded within the analyzed project files.
  - Capability inventory: The skill provides templates for high-privilege IAM roles, Lambda function deployments, and CI/CD pipelines across its reference files (e.g., 'references/security-iam.md' and 'references/cicd-patterns.md').
  - Sanitization: No sanitization or validation of the scanned project content is specified.
Audit Metadata