terragrunt-generator

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configuration involves downloading content from a non-trusted external repository.
  • Evidence: The install_command in metadata.json retrieves the SKILL.md file from a GitHub repository owned by 'akin-ozer', which is not listed in the trusted organizations or vendors list.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted user input into generated Terragrunt configurations without sufficient safeguards.
  • Ingestion points: User-provided infrastructure specifications, environment names, and variable values are ingested to populate HCL templates.
  • Boundary markers: Absent; the skill does not define delimiters or provide instructions to the agent to disregard instructions embedded in the user-provided requirements.
  • Capability inventory: The skill provides instructions for generating files on the filesystem and documentation for executing terragrunt CLI commands (init, plan, apply) on that output.
  • Sanitization: Absent; the skill does not specify any validation, escaping, or filtering of user-provided strings before they are used in code generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:12 PM