terraform-consumer-implement
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from GitHub issues that could contain malicious instructions designed to manipulate the agent's behavior.
- Ingestion points: Reads data from 'gh-issue.json' and uses the 'gh issue view' command to retrieve issue details.
- Boundary markers: None. The instructions do not specify any delimiters or safety prompts to isolate external content from the GitHub issue.
- Capability inventory: Includes executing 'terraform' commands (init, plan, apply), 'gh' CLI commands for issue/PR management, and execution of local bash scripts.
- Sanitization: No sanitization or validation of external input is mentioned or implemented.
- [COMMAND_EXECUTION]: The skill executes system-level commands including 'terraform' and the GitHub 'gh' CLI. It also runs a local bash script located at '/workspace/.specify/scripts/bash/validate-env.sh'. While these are core to the skill's functionality, they provide a significant attack surface if the agent's logic is subverted by malicious input from the processed GitHub issues.
Audit Metadata