iac-security

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [SAFE]: The skill is a defensive security tool designed to identify and fix infrastructure vulnerabilities. No malicious patterns such as obfuscation, persistence, or privilege escalation were detected.
  • [COMMAND_EXECUTION]: The skill utilizes the terraform CLI and bash to generate infrastructure plan files in JSON format. This is the standard industry practice for performing deep security analysis of Terraform configurations before deployment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted infrastructure configuration files.
      • Ingestion points: IaC files such as .tf, .yaml, and .json (referenced in SKILL.md).
      • Boundary markers: Absent; no specific delimiters or warnings for embedded instructions are defined.
      • Capability inventory: Uses Bash, Write, and snyk_iac_scan to process and analyze files (referenced in SKILL.md).
      • Sanitization: Absent; the skill relies on the underlying scanner to parse the data.
  • [DATA_EXFILTRATION]: The skill accesses local configuration files and environment variables necessary for infrastructure scanning. No evidence was found of sensitive data being transmitted to unauthorized external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 10:42 PM