Skills
skills/pulumi/agent-skills/cloudformation-to-pulumi/Gen Agent Trust Hub

cloudformation-to-pulumi

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute aws cloudformation commands (get-template, list-stack-resources) to retrieve infrastructure configurations from the user's AWS account for conversion purposes.
  • [COMMAND_EXECUTION]: The skill utilizes the pulumi CLI and its associated plugins to perform migration tasks, including pulumi plugin run cdk-importer and pulumi import operations.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of Pulumi-authored plugins (cdk-importer, cdk2pulumi) using pulumi plugin install. As these originate from the skill's author (Pulumi), they are considered trusted vendor resources.
  • [PROMPT_INJECTION]: The skill processes CloudFormation templates which are external data sources, creating an indirect prompt injection surface. This is a standard risk for migration tools and is managed by the agent's instructions for manual conversion logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 09:00 AM