Scaffold
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected across the skill files and references.
- [COMMAND_EXECUTION]: The skill provides instructions for using standard DevOps and infrastructure tools such as Terraform, Infracost, and Docker Compose. These commands are used for legitimate purposes like syntax validation, policy checks, and resource provisioning.
- [EXTERNAL_DOWNLOADS]: The skill references industry-standard pre-commit hooks and security scanners from well-known repositories, including Checkov, Gitleaks, and Anton Babenko's Terraform modules. These are used to enhance the security posture of the generated infrastructure.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies user requirements as an input surface. It mitigates potential risks by implementing a multi-phase workflow (ASSESS, DESIGN, IMPLEMENT, VERIFY) and mandating the use of security policies (OPA, Sentinel) and static analysis tools (tfsec, Checkov) to validate any proposed changes.