terraform-stacks

Warn

Audited by Snyk on Apr 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's docs explicitly instruct agents to fetch and parse third-party content—e.g., references/component-blocks.md allows module sources from public registries, Git URLs and HTTP archives, and references/api-monitoring.md directs AI agents to GET artifacts and diagnostics (apply-description, stack-diagnostics) from the HCP Terraform API and parse their outputs/snippets—so the agent will ingest untrusted, user-provided web content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime Terraform commands (e.g., "terraform stacks init" / configuration upload) that will fetch and execute remote modules/providers, including module source URLs such as git::https://github.com/org/repo.git//path?ref=v1.0.0 (and HTTP archives like https://example.com/modules/vpc-module.tar.gz), so these external URLs are used at runtime to retrieve code the agent/run-time tooling will execute.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 02:24 PM
Issues: 2