Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/building-terraform-modules/Gen Agent Trust Hub

building-terraform-modules

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's components, including module_scaffolding.py and the validation configurations, perform legitimate tasks related to DevOps automation. The code uses standard libraries for file and JSON processing without any suspicious network calls or obfuscation.
  • [COMMAND_EXECUTION]: The skill requests broad Bash tool access (cmd:*) to facilitate the creation of directory structures and the execution of Python-based scaffolding and validation scripts necessary for Terraform module development.
  • [PROMPT_INJECTION]: The skill processes user-provided specifications to generate Terraform code, creating a surface for indirect prompt injection.
  • Ingestion points: User specifications for infrastructure resources (SKILL.md)
  • Boundary markers: Not explicitly defined in the instruction set
  • Capability inventory: File system operations (read/write/edit) and script execution via Bash (SKILL.md, module_scaffolding.py)
  • Sanitization: Security-focused validation rules in validation_rules.json (e.g., no_sensitive_data_in_defaults, no_http_data_sources) are used to check the generated output for insecure patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:07 AM