charmkeeper-terraform
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill explicitly instructs the agent to 'run any additional ".sh" scripts in $TERRAFORM_MODULE/tests'. This facilitates arbitrary code execution of scripts that may be present in untrusted project directories being analyzed or tested by the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill references and downloads multiple configuration and workflow files from
raw.githubusercontent.com/canonical/. As 'canonical' is not on the Trusted GitHub Organizations list, these sources are considered unverified. - PRIVILEGE ESCALATION (HIGH): The VM setup script (
scripts/create-charmkeeper-vm.sh) executessudo snap install concierge --classic. Classic confinement allows the snap to access system resources outside of its sandbox, posing a risk to the virtual environment. - INDIRECT PROMPT INJECTION (LOW): The skill possesses a significant attack surface by ingesting untrusted data from local terraform modules and executing logic based on it.
- Ingestion points: Files located in
terraform/andterraform/tests/folders of the target project. - Boundary markers: None. No instructions are provided to ignore embedded commands or instructions within the processed project files.
- Capability inventory: Use of
multipass execto runterraform init,terraform test, and arbitrary.shscripts. - Sanitization: None. The skill blindly executes scripts found in the directory structure.
Recommendations
- AI detected serious security threats
Audit Metadata