terragrunt-validator
Audited by Socket on Mar 8, 2026
1 alert found:
Anomaly: The Terragrunt Validator skill shows coherent purpose and capabilities for validating and auditing Terragrunt configurations, with a clear workflow for custom resource/documentation lookups and multiple optional security scans. However, its footprint includes supply-chain risk (curl | sh installers from unverified URLs), potential credential exposure through per-unit exec contexts, and broad tool install chains from multiple sources. Data flows involve external services and documentation lookups, which require strict validation and trust in endpoints. Overall, the skill is SUSPICIOUS due to inconsistent and risky download/install patterns and potential credential exposure, though not clearly malicious without exploitation. It would be considered Benign-to-Suspicious with strong recommendations to pin/install from verified registries, remove untrusted curl|bash steps, and tightly scope credential access.