The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill possesses a high-privilege attack surface by ingesting external data to configure authentication infrastructure.
Ingestion points: The descope_project resource ingests authentication flow logic from external JSON files via file("flows/sign-up-or-in.json") and relies on numerous input variables (var.xxx) for sensitive configurations like connector secrets and redirect URLs.
Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from adopting malicious configurations found in processed JSON data.
Capability inventory: The skill allows for full modification of authentication methods (OTP, Passwords, SSO), RBAC roles/permissions, and management key generation via terraform apply.
Sanitization: There is no evidence of validation or sanitization for the logic contained within the flow JSON files or the values provided to infrastructure variables.
Unverifiable Dependencies (MEDIUM): The skill requires the installation of the descope/descope Terraform provider.
Evidence: terraform init downloads binary provider plugins from the Terraform Registry. The descope organization is not included in the predefined Trusted External Sources list.
Command Execution (LOW): The skill documentation instructs the user/agent to execute shell commands.
Evidence: terraform init, terraform plan, and terraform apply are required for the skill to function. While standard for infrastructure-as-code, these commands execute external binaries with the potential for side effects.

descope-terraform