terraform-style-check
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions are purely focused on Terraform HCL formatting and structure. No bypass markers, role-play instructions, or attempts to extract system prompts were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths are present. The skill explicitly warns against hardcoding secrets and provides examples of using the `sensitive = true` attribute for security.
- Remote Code Execution & Downloads (SAFE): The skill does not attempt to download external scripts or execute remote code. Mentioned CLI tools like `terraform fmt` and `tflint` are standard industry tools for the domain and are not invoked by the skill itself.
- Indirect Prompt Injection (LOW): The skill's primary purpose is to review or generate Terraform code, which involves processing untrusted user input. However, it lacks any high-risk capabilities (such as subprocess execution, network requests, or file writing) that could be exploited if malicious HCL was processed. This surface is well-contained.
- Security Best Practices (SAFE): The skill includes a dedicated security section advocating for encryption at rest, private networking, and the principle of least privilege.
Audit Metadata