terraform-azure

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The initialization script scripts/tf-init-azure.sh contains an indirect prompt injection surface (Category 8) where untrusted input is used to generate executable code.
      • Ingestion points: The $PROJECT_NAME and $LOCATION variables are accepted as CLI arguments.
      • Boundary markers: Not present in the file generation process.
      • Capability inventory: The script performs multiple file writes and executes the terraform init command.
      • Sanitization: No validation or escaping is applied to the project name or location before they are interpolated into the generated .tf and .tfvars files.
  • [COMMAND_EXECUTION]: The script scripts/tf-init-azure.sh executes terraform init, which initiates connections to the HashiCorp registry to download infrastructure providers.
  • [SAFE]: The template in assets/vnet-module.tf defines a network security group that allows inbound SSH traffic from any source (*). This is an insecure infrastructure configuration default but does not pose a direct threat to the agent's host environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 02:05 PM