terragrunt
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides architectural guidance, HCL templates, and utility scripts for managing Terragrunt infrastructure.
- [COMMAND_EXECUTION]: Includes a bootstrap script 'scripts/setup-state-backend.sh' that uses the AWS CLI to create state management resources (S3 and DynamoDB). This is standard functionality for bootstrapping infrastructure and intended for manual developer execution.
- [EXTERNAL_DOWNLOADS]: Skill templates reference well-known external modules and tools from repositories like Gruntwork and the vendor's own benchmarking repo. These references follow standard infrastructure-as-code patterns.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-controlled HCL configuration files, creating an attack surface for indirect prompt injection.
  - Ingestion points: Configuration is read from files like 'account.hcl' and 'env.hcl' using 'read_terragrunt_config'.
  - Boundary markers: None identified.
  - Capability inventory: The skill facilitates the generation and application of infrastructure changes via the 'terragrunt' and 'opentofu' CLI tools.
  - Sanitization: Values are interpolated into templates without explicit sanitization.
Audit Metadata