terraform-infra

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The main execution script scripts/main.cjs uses child_process.spawn to run the terraform CLI with arguments passed directly from the process. It lacks any logic to filter or validate these arguments, allowing for the execution of any valid Terraform command, including destructive ones.
  • [PROMPT_INJECTION]: The documentation in SKILL.md includes 'Safety Controls' and 'Iron Laws' that claim to block commands like destroy and state-rm. Since these constraints are not implemented in the code, they serve only as natural language instructions for the agent, which can be bypassed or overridden through prompt injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      1. Ingestion points: The skill reads .tf files from the working directory (SKILL.md).
      2. Boundary markers: No delimiters or warnings are used when processing these files.
      3. Capability inventory: The main.cjs script can execute any Terraform command, which can modify cloud resources or local files.
      4. Sanitization: No sanitization or validation of the ingested infrastructure code is performed before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 01:28 PM