terraform-infrastructure-as-code

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses a piped download pattern to install the HashiCorp keyring (wget | sudo gpg). This involves executing network data directly with root privileges.
  • COMMAND_EXECUTION (HIGH): The skill explicitly supports and provides examples for local-exec and remote-exec provisioners, which allow the agent to execute arbitrary shell commands on both the local host and remote infrastructure.
  • EXTERNAL_DOWNLOADS (LOW): Downloads external GPG keys from apt.releases.hashicorp.com. This finding is downgraded to LOW per [TRUST-SCOPE-RULE] because HashiCorp is a trusted organization, though the execution pattern remains high risk.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://apt.releases.hashicorp.com/gpg - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 11:29 PM