tfc-run-logs
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches and displays Terraform Cloud plan and apply logs, which could contain malicious instructions designed to manipulate the agent.
- Ingestion points: External log content retrieved from Terraform Cloud API endpoints via
curlinSKILL.md. - Boundary markers: Absent. Log data is printed directly into the agent's session without delimiters or instructions to treat the content as untrusted.
- Capability inventory: The skill utilizes the
Bashtool for network operations (curl) and text parsing (jq,sed). - Sanitization: The skill removes ANSI color codes but does not escape or sanitize the textual content of the logs for potential prompt injection threats.
Audit Metadata