tfc-plan-json
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches infrastructure plan data from the official Terraform Cloud API at app.terraform.io. These downloads are from a well-known service and are used for the skill's primary purpose of infrastructure analysis.
- [COMMAND_EXECUTION]: Uses Bash with curl and jq to interact with the Terraform Cloud API and process JSON responses. The commands are structured and use standard arguments for downloading data and filtering JSON fields.
- [CREDENTIALS_UNSAFE]: The skill relies on the TFE_TOKEN environment variable for authentication. It does not contain any hardcoded secrets; it provides instructions for the user to set their own token in the environment. The token is transmitted securely via HTTPS in the Authorization header.
- [PROMPT_INJECTION]: The skill processes external data in the form of Terraform plan JSON. While this constitutes an indirect ingestion surface, the processing is limited to structured data parsing via jq, and there are no instructions present that attempt to override agent behavior or bypass safety filters.
Audit Metadata