skills/terraform-ibm-modules/terraform-ibm-modules-skills/terraform-ibm-modules-solution-builder/Gen Agent Trust Hub
terraform-ibm-modules-solution-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (MEDIUM): The skill instructs the agent to execute
terraform init,terraform validate, andterraform planon dynamically generated configuration files. - Evidence: Found in
SKILL.mdunder 'Step 5: Validate' and the 'Example Workflow' section. - Risk:
terraform initis designed to download external modules and provider binaries. If the skill generates configuration pointing to malicious or compromised sources, this results in arbitrary code execution on the host system. - [External Downloads] (LOW): The skill retrieves metadata and code samples via
curlfrom the Terraform Registry and GitHub. - Evidence: Referenced throughout
SKILL.mdandreferences/alternative-discovery-workflows.md. - Source:
registry.terraform.io,api.github.com, andraw.githubusercontent.com. - Risk: While these are standard infrastructure domains, the specific organization (
terraform-ibm-modules) is not included in the pre-defined list of Trusted GitHub Organizations, requiring caution regarding the integrity of fetched content. - [Indirect Prompt Injection] (LOW): The skill processes data from external APIs to influence its code generation and command execution logic.
- Ingestion points:
registry.terraform.io(module metadata),api.github.com(repository listings), andraw.githubusercontent.com(template code). - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the fetched data.
- Capability inventory: Subprocess execution of the
terraformCLI (SKILL.md). - Sanitization: Absent; the skill lacks validation or escaping logic for the content retrieved from remote sources before using it in configuration generation.
Audit Metadata