terraform-style-guide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The agent is instructed to run local Python scripts 'scripts/resolve_style_guides.py' and 'scripts/validate_trigger_matrix_sync.py' to manage skill activation and validation logic.
- [COMMAND_EXECUTION]: The skill provides an extensive matrix of shell commands for the agent to execute across multiple languages (e.g., 'terraform', 'tflint', 'ruff', 'checkov', 'eslint', 'dotnet'), intended for CI gates and local autofixing.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection (Category 8) is present.
  - Ingestion points: Processes '.tf' and '.tfvars' files which are potentially attacker-controlled in a pull request context.
  - Boundary markers: No specific markers or instructions to ignore embedded directions in source files are present.
  - Capability inventory: The skill can execute various CLI tools and local scripts that take file paths as arguments.
  - Sanitization: No explicit instructions for sanitizing file paths or validating inputs to the automation scripts are provided.
Audit Metadata