tfc-list-runs
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands including
curl,jq, andcolumnto interact with the Terraform Cloud API and format JSON responses into human-readable tables. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
app.terraform.io(or a user-definedTFE_ADDRESS). These requests are used to retrieve metadata about infrastructure runs, which is the stated purpose of the skill. Terraform Cloud is a well-known service. - [CREDENTIALS_UNSAFE]: The documentation correctly identifies the need for a
TFE_TOKENand recommends providing it via environment variables, which is a standard security practice for CLI tools to avoid hardcoding secrets.
Audit Metadata