terraform-gen

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation promotes the use of 'npx ai-terraform', which fetches the specified package from the public npm registry.
  • [REMOTE_CODE_EXECUTION]: Execution via 'npx' allows code from the 'ai-terraform' package to run on the local environment. This package is provided by LXGIC Studios, an entity not included in the trusted vendor list.
  • [COMMAND_EXECUTION]: The skill's primary function is delivered through the execution of shell commands ('npx') by the user.
  • [PROMPT_INJECTION]: The skill accepts natural language descriptions to generate code, creating an indirect prompt injection surface where malicious input could influence infrastructure generation. (Ingestion points: npx command arguments; Boundary markers: None; Capability inventory: Terraform HCL generation; Sanitization: Unknown).
  • [NO_CODE]: The provided 'SKILL.md' file contains only documentation and instructions. It does not contain any functional code, scripts, or internal logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 05:15 AM