terraform-hetzner
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the K3s installation script from the well-known service endpoint https://get.k3s.io during the server initialization phase.
- [EXTERNAL_DOWNLOADS]: Downloads standard system packages (curl, ufw, fail2ban) and the K3s binary from external sources during infrastructure provisioning.
- [COMMAND_EXECUTION]: Uses the runcmd directive in the cloud-init.yaml template to execute shell commands with administrative privileges for system setup and security hardening.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface: [1] Ingestion points: Input variables ssh_public_key and admin_ip in variables.tf are interpolated into the cloud-init template. [2] Boundary markers: No delimiters or explicit safety instructions are used to separate user data from script commands. [3] Capability inventory: The skill performs administrative shell execution and manages cloud infrastructure resources. [4] Sanitization: No validation, escaping, or filtering is applied to the input variables before they are written to the server configuration.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.k3s.io - DO NOT USE without thorough review
Audit Metadata