terraform-infrastructure
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes a bash script and Terraform CLI to manage infrastructure. These are expected and legitimate operations for this skill's primary purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): The HCL configuration references the 'hashicorp/aws' provider. Per [TRUST-SCOPE-RULE], HashiCorp is a trusted organization, and the use of their official provider registry is considered safe.
- [DATA_EXFILTRATION] (SAFE): No evidence of hardcoded credentials or unauthorized data access was found. The S3 backend configuration for state management is a standard and recommended practice.
- [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were identified within the skill body or metadata.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The `deploy-terraform.sh` script possesses an ingestion surface for untrusted data via its command-line arguments.
  - Ingestion points: The `$ENVIRONMENT` and `$ACTION` variables in `deploy-terraform.sh` are passed as arguments to the script.
  - Boundary markers: Absent.
  - Capability inventory: The script can execute `terraform init`, `plan`, `apply`, and `destroy` commands.
  - Sanitization: No explicit sanitization or validation of the input arguments is performed. While this creates a vulnerability surface for shell injection, the severity is assessed as SAFE in the context of a boilerplate automation script intended for infrastructure developers.
Audit Metadata