terraform-patterns

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file examples/main.tf contains hardcoded AWS access keys and an API key pattern (AKIAIOSFODNN7EXAMPLE, sk-live-abc123def456). These are explicitly documented in the file comments as dummy values and deliberate security anti-patterns provided for testing the security scanner's detection capabilities.
  • [COMMAND_EXECUTION]: The skill includes two Python scripts, scripts/tf_module_analyzer.py and scripts/tf_security_scanner.py, which perform local filesystem operations. These scripts walk directory trees and read the content of .tf files to perform structural and security analysis using regular expressions.
  • [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it is designed to ingest and process external Terraform configurations. While the analysis is performed via static scripts, malicious instructions could be embedded in the comments or resource metadata of scanned files, potentially influencing the AI agent's interpretation of the scan results.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:12 AM