terraform-azure

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script scripts/tf-init-azure.sh accepts user-provided arguments for project names and locations and interpolates them directly into shell commands (e.g., mkdir -p "$PROJECT_NAME") without sanitization. If an attacker provides a malicious string like $(id), it could lead to arbitrary command execution in the shell context.
  • [EXTERNAL_DOWNLOADS] (LOW): The initialization script executes terraform init, which downloads providers from the Terraform Registry (registry.terraform.io). While this is the intended primary purpose of the skill and necessary for Terraform to function, it involves downloading and preparing external binaries for execution.
  • [DATA_EXPOSURE] (SAFE): The skill follows security best practices by encouraging the use of remote backends for state files and does not contain hardcoded credentials or unauthorized access to sensitive local file paths like ~/.ssh or ~/.aws/credentials.
  • [PROMPT_INJECTION] (SAFE): No malicious instructions, role-play attempts, or system prompt extraction patterns were detected in the documentation or script comments.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM