terraform-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: References to sensitive file paths like ~/.aws/credentials and service-account-key.json are used within documentation to guide the user on standard cloud provider authentication setup.
- [COMMAND_EXECUTION]: The skill's primary function includes executing terraform CLI commands (plan, apply, validate) and running automated testing frameworks like Terratest.
- [EXTERNAL_DOWNLOADS]: Documentation references installation procedures for several trusted tools and repositories, including HashiCorp providers, Gruntwork testing modules, and the Bridgecrew Checkov action.
- [PROMPT_INJECTION]: Analyzes untrusted infrastructure requirements and existing code, creating a surface for indirect prompt injection. 1. Ingestion points: Core workflow reviews requirements and existing infrastructure code. 2. Boundary markers: No specific delimiters are used to separate user-provided code. 3. Capability inventory: Executes system commands via terraform, go, and tflint. 4. Sanitization: No explicit validation or sanitization is mentioned for processed infrastructure code.
Audit Metadata