terraform
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by converting user-defined infrastructure specifications into HCL code and executing it.
  - Ingestion points: The agent accepts natural language descriptions of infrastructure needs to generate or edit .tf files.
  - Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in user data are provided.
  - Capability inventory: The skill uses Bash (for terraform apply), Write, and Edit tools to manage infrastructure.
  - Sanitization: There is no defined process for validating or escaping user-provided data before it is interpolated into the generated Terraform templates.
- [COMMAND_EXECUTION]: The skill documentation includes instructions for using the Bash tool to execute powerful Terraform lifecycle commands, including apply and destroy. These tools can significantly alter cloud environments and require trusted input to operate safely.
Audit Metadata