terraform-dependency-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines a workflow for parsing external Terraform configuration files. Ingestion points: Terraform resource definitions and attribute references (Workflow Step 2). Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided. Capability inventory: The workflow suggests using shell-based tools like
terraform graph. Sanitization: No validation or sanitization of the input configuration is mentioned. - [COMMAND_EXECUTION] (LOW): The skill workflow recommends executing shell commands, specifically
terraform graphand Graphvizdot. While these are standard tools, shell execution is a sensitive capability.
Audit Metadata