opentofu-coder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The file `references/post-provisioning.md` includes a bash script template that executes `curl -fsSL https://get.docker.com | sh`. Piped remote execution (curl to shell) is a high-risk pattern that executes unverified code from external sources, bypassing package manager security controls.
- COMMAND_EXECUTION (MEDIUM): The automation logic in `references/makefile-automation.md` utilizes the `$(shell ...)` function and invokes several system binaries including `tofu`, `jq`, and `op`. These allow the skill to execute arbitrary commands on the host system as part of the automation workflow.
- DATA_EXFILTRATION (LOW): The `Makefile` in `references/makefile-automation.md` performs a network request to `ifconfig.me` to retrieve the local public IP address. While used for legitimate firewall whitelisting, this involves an outbound connection to an external third-party service.
- PROMPT_INJECTION (LOW): The skill templates for HCL and Shell scripts ingest external variables (like server IPs and stack names) that could be manipulated.
  - Ingestion points: Variable interpolation in `references/post-provisioning.md` and CLI arguments in `references/makefile-automation.md`.
  - Boundary markers: Absent.
  - Capability inventory: Includes SSH execution, OpenTofu resource management, and network operations.
  - Sanitization: Relies on standard shell quoting which may be insufficient against sophisticated injection.
Audit Metadata