terraform-module-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and references/MCP-TOOLS.md) instructs the agent to call MCP tools that fetch public third-party content—e.g., mcp_terraform_search_modules / mcp_terraform_get_module_details against the public Terraform Registry and azure-documentation / azure-azureterraformbestpractices against public Azure docs—and explicitly uses those results to shape design decisions, so untrusted user-published registry modules and other public docs can materially influence the agent's actions.