devops-iac-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process user-provided architecture requirements and design specifications to generate complex, executable Terraform and Kubernetes code. This creates an attack surface where malicious instructions could be embedded in the design data provided to the agent.
- Ingestion points: Architecture requirements and deployment specifications provided by the user in the interaction session.
- Boundary markers: Absent. The skill instructions do not provide delimiters or clear warnings for the agent to distinguish between structural requirements and potentially malicious embedded instructions.
- Capability inventory: The skill allows for the generation of shell commands, provisioning of cloud infrastructure, and deployment of containerized services.
- Sanitization: Absent. No explicit validation of external input or escaping of data before interpolation into generated code is described.
- External Downloads (LOW): The CI/CD pipeline template in examples/pipelines/github-actions.yml references the aquasecurity/trivy-action repository, which is not part of the provided list of trusted GitHub organizations.
- Evidence: Use of aquasecurity/trivy-action@master in the security scanning job.
- Context: While aquasecurity is a reputable security vendor and the tool (Trivy) is a standard vulnerability scanner, it is not on the explicit whitelist. Following the rule to consider the primary skill purpose (DevSecOps), the severity is maintained at LOW as it is a standard security tool used as intended within the template.
- Credential Security (SAFE): The provided Kubernetes manifest in examples/kubernetes/complete-app.yaml uses explicit placeholders such as changeme-use-sealed-secrets and changeme-use-external-secrets, avoiding the hardcoding of real credentials.