terraform
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill documents the use of core Terraform commands including
terraform applyandterraform destroy. If an agent uses this skill to execute arbitrary or untrusted HCL code, it could lead to unauthorized infrastructure changes, resource deletion, or arbitrary command execution via Terraform'slocal-execprovisioners or theexternaldata source provider. - [EXTERNAL_DOWNLOADS] (LOW): The skill documentation references the use of the
hashicorp/awsprovider. Terraform's architecture requires downloading binary providers from the Terraform Registry during theterraform initphase. While HashiCorp is a trusted source, this represents a runtime dependency on external binaries. - [INDIRECT_PROMPT_INJECTION] (HIGH): The skill defines a high-capability surface where the agent is expected to process and execute infrastructure code.
- Ingestion points: Variable definitions (variables.tf) and provider configurations which often ingest external data.
- Boundary markers: None provided in the templates to separate trusted vs untrusted HCL input.
- Capability inventory: Full filesystem and network access via Terraform providers, plus shell execution via provisioners.
- Sanitization: None present; the skill assumes the HCL provided is safe to execute.
Recommendations
- AI detected serious security threats
Audit Metadata