The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses pip to install the checkov security scanner and the python-hcl2 HCL parsing library from PyPI. These are established, well-known services for infrastructure-as-code tooling.
[COMMAND_EXECUTION]: The skill executes various CLI tools including terraform, tflint, and checkov through shell wrappers. These wrappers manage environment variables and ensure that tools are run from isolated virtual environments.
[PROMPT_INJECTION]: The skill is designed to process and analyze user-provided Terraform configuration files (.tf), which serves as a surface for indirect prompt injection.
Ingestion points: The skill reads local Terraform files through the extract_tf_info.py script and the run_checkov.sh scanner.
Boundary markers: No explicit delimiters are specified in the workflow to encapsulate or neutralize potentially malicious instructions embedded in HCL comments or resource names within the processed files.
Capability inventory: The skill can perform terraform init, which allows for network access to fetch providers and modules, and provides detailed audit reports based on file content.
Sanitization: The skill utilizes the python-hcl2 library for structured parsing of Terraform files, providing better security than regex-based extraction, though it does not explicitly sanitize output before it is returned to the agent context.

terraform-validator