terraform-validator

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the python-hcl2 and checkov packages from the Python Package Index (PyPI). These are well-known, industry-standard tools used for parsing HCL and performing security scans on infrastructure-as-code configurations.
  • [COMMAND_EXECUTION]: The skill orchestrates several shell scripts (extract_tf_info_wrapper.sh, run_checkov.sh, install_checkov.sh) and external binaries including terraform, tflint, and checkov. These executions are central to the skill's purpose of validating and auditing Terraform code.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly provides documentation in references/security_checklist.md for identifying and remediating hardcoded credentials and sensitive data exposure in Terraform state and configurations, promoting secure infrastructure practices.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted Terraform data for analysis. It mitigates injection risks by using the robust python-hcl2 library for parsing rather than unsafe execution or simple regular expressions, and focuses its output on technical audit findings based on provided reference patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 06:17 PM