terraform-engineer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The file 'references/providers.md' contains HCL configuration blocks that reference the sensitive local path '~/.aws/credentials'. While standard for AWS provider authentication, this reference constitutes a high-risk data exposure surface for the agent's environment.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends installing utilities and modules from non-whitelisted sources. 'references/testing.md' references 'antonbabenko/pre-commit-terraform' and 'bridgecrewio/checkov-action', while 'references/module-patterns.md' points to the 'terraform-aws-modules' organization.
- [COMMAND_EXECUTION] (LOW): The core workflow requires executing the 'terraform' CLI for 'plan', 'apply', and 'test' operations. These commands can modify cloud resources and execute local code (e.g., via Terratest or provider plugins).
- [PROMPT_INJECTION] (LOW): Susceptibility to Indirect Prompt Injection exists via infrastructure code analysis. 1. Ingestion points: User-provided HCL files and requirements. 2. Boundary markers: Absent. 3. Capability inventory: 'terraform' CLI execution and file system access. 4. Sanitization: Absent.
Audit Metadata