terraform-skill
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes installation scripts for industry-standard tools (TFLint and Trivy) from their official GitHub organizations (
terraform-lintersandaquasecurity). These are well-known technology organizations and the scripts are standard installation methods. - [COMMAND_EXECUTION]: Provides detailed instructions for the agent to execute standard infrastructure-as-code CLI commands using
terraform,tofu, and associated security tooling such ascheckovandinfracost. - [DATA_EXFILTRATION]: Contains guidance on handling sensitive data like AWS credentials and Terraform state files. The skill follows security best practices by recommending the use of encrypted remote backends and AWS Secrets Manager instead of hardcoding sensitive information.
- [PROMPT_INJECTION]: The skill processes user-controlled Terraform configuration files as its primary function. While it lacks explicit boundary markers or sanitization for untrusted file content (Category 8: Indirect Prompt Injection surface), it focuses on providing secure architectural guidance and does not contain malicious instructions.
Audit Metadata