terragrunt-validator

SUSPICIOUS. The skill is mostly coherent for Terragrunt validation and uses largely official tooling, but its footprint is broader than its title suggests: it includes apply/destroy, arbitrary exec with auth context, and external doc retrieval combined with command execution. No clear credential theft or attacker-controlled endpoint is present, so this is not malicious, but it carries meaningful operational and supply-chain risk.