tfc-run-logs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches infrastructure run metadata and logs from app.terraform.io. This is a well-known service for infrastructure-as-code management, and the network operations are necessary for the skill's primary function.
- [COMMAND_EXECUTION]: Employs standard system utilities including curl, jq, and sed. These tools are used to navigate the Terraform Cloud API, extract specific IDs, and filter the resulting logs.
- [CREDENTIALS_UNSAFE]: Utilizes the TFE_TOKEN environment variable to authenticate requests to the Terraform Cloud API. The implementation follows standard practices for API authentication via bearer tokens.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting external data (Terraform logs) which are then processed by the agent.
- Ingestion points: Data retrieved from logs URLs (log-read-url) via curl commands in the shell scripts.
- Boundary markers: None are present to wrap the log output.
- Capability inventory: The skill allows the execution of Bash commands and file reading.
- Sanitization: The skill includes a sed command (sed 's/\x1b[[0-9;]*m//g') specifically designed to strip ANSI escape codes, which mitigates terminal-based injection and formatting issues.
Audit Metadata