iac-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): No sensitive data access or exfiltration patterns detected. The Terraform and Pulumi examples use best-practice variable interpolation and placeholders for bucket names and regions.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download or execute code from remote sources. All logic is contained within the local validation script.
- [COMMAND_EXECUTION] (SAFE): The
scripts/validate.pyscript performs only passive file system checks (existence and directory listing). It does not usesubprocess,os.system, or other functions to execute system commands. - [DYNAMIC_EXECUTION] (SAFE): The validation script uses
yaml.safe_load()for parsing configuration files, which correctly prevents unsafe deserialization of arbitrary objects. - [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found in the markdown or metadata.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or private secrets are present. Infrastructure examples correctly demonstrate the use of IAM roles and variables.
Audit Metadata