terragrunt

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly configures and uses a Terragrunt catalog via Git URLs (see root.hcl catalog.urls and the "terragrunt catalog"/"terragrunt scaffold" flows in SKILL.md and README). These flows fetch arbitrary GitHub repositories and their boilerplate.yml/units, so untrusted third-party repository content is ingested and can influence scaffolding and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill contains Git-based module/catalog sources used at runtime (e.g., git@github.com:YOUR_ORG/infrastructure-catalog.git and git::git@github.com:YOUR_ORG/modules/rds.git//app?ref=${values.version}). Terragrunt fetches these as required dependencies, and they can execute remote Terraform/OpenTofu code, so they pose a high-risk runtime external dependency.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 10:08 AM