oma-tf-infra
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process and review external infrastructure data, which presents a surface for indirect prompt injection attacks.
- Ingestion points: The agent ingests external data when reviewing
terraform planoutputs and user-provided infrastructure descriptions as noted inresources/examples.md. - Boundary markers: While the
resources/execution-protocol.mddefines a structured workflow, it lacks specific instructions to wrap external plan data in delimiters or instructions to ignore embedded commands within that data. - Capability inventory: The skill has the capability to execute shell commands (e.g.,
terraform apply) and perform file system operations (writing.tffiles) as detailed inSKILL.mdandresources/execution-protocol.md. - Sanitization: There is no explicit mention of sanitizing or escaping the content of ingested Terraform plan outputs before processing.
- [EXTERNAL_DOWNLOADS]: The skill references and guides the setup of industry-standard tools and providers from trusted organizations including HashiCorp, AWS, GCP, Azure, and Palo Alto Networks (Checkov). These references follow the [TRUST-SCOPE-RULE] and are considered part of standard operational functionality.
- [COMMAND_EXECUTION]: The skill legitimately executes local CLI tools such as
terraform,tflint, andopato perform its primary function of infrastructure management. These operations are within the expected scope of the skill's purpose.
Audit Metadata