terraform-diagrams
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection. * Ingestion points: The skill reads and parses .tf and .tfvars files from the user's workspace (identified in SKILL.md Step 1). * Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions embedded within the Terraform source code. * Capability inventory: Access to Bash(curl:*) and Read tools (defined in frontmatter). * Sanitization: Absent. There are no instructions to escape or filter content extracted from the Terraform files before inclusion in the API payload, allowing comments or resource names to contain malicious instructions.
- [DATA_EXFILTRATION] (MEDIUM): Transmission of infrastructure metadata to a non-whitelisted external domain. * Evidence: The skill executes a curl POST request to https://app.eraser.io/api/render/elements containing the parsed resource structure. * Risk: Sensitive architectural information such as resource names, CIDR blocks, and dependency hierarchies is transmitted to a third-party service.
- [COMMAND_EXECUTION] (MEDIUM): Dynamic command construction using untrusted data. * Evidence: The agent is instructed to build and execute a curl command (SKILL.md Step 4) where the data payload contains DSL code generated directly from user-controlled files.
Recommendations
- AI detected serious security threats
Audit Metadata