terraform-arch-mapper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core function is to ingest untrusted external data in the form of Terraform (.tf) files.
  - Ingestion points: Reads all .tf files within a user-specified directory.
  - Boundary markers: None visible in documentation; the skill extracts resource names and dependencies which are human-authored strings.
  - Capability inventory: Accesses the local file system and produces structured diagram code (Mermaid/PlantUML) often interpreted by other agent components.
  - Sanitization: No evidence of sanitization for malicious strings embedded in resource metadata or comments.
- Data Exposure (MEDIUM): Terraform files are sensitive as they define organizational infrastructure.
  - Evidence: The skill scans entire directories for .tf files. These files often contain internal IP ranges, resource naming schemes, and occasionally hardcoded secrets or environment variables.
  - Self-referential Safety Claim: The 'Knowledge Protocol' mentioned in SKILL.md claims to prevent leaks of confidential data; however, this is an unverified claim that cannot be validated without the implementation code.
Recommendations
- AI detected serious security threats
Audit Metadata