Skills
skills/hashicorp/agent-skills/new-terraform-provider/Gen Agent Trust Hub

new-terraform-provider

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses go get to download the terraform-plugin-framework package. The source github.com/hashicorp is a trusted organization, which downgrades the severity of the external download.
  • COMMAND_EXECUTION (LOW): The skill executes go build and go test to verify the scaffolded project. While these commands compile and run code, they are necessary for the primary purpose of a scaffolding tool and are performed on locally generated template code.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection as it processes user-provided directory names and interpolates them into a workspace.
  • Ingestion points: User-provided workspace root directory name (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: go build and go test (SKILL.md).
  • Sanitization: None detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:45 PM