iac-scan-checkov
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the 'checkov' package via pip. While Checkov is a legitimate security tool, it is an external dependency that is not part of the provided trusted source list.
- [COMMAND_EXECUTION] (MEDIUM): The instructions direct the agent to execute shell commands (e.g., 'checkov -d ') and use shell redirection ('> checkov-results.json'), which involves subprocess spawning and file system write operations.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted external data (Infrastructure as Code files) and parses the resulting scan data to formulate summaries and remediation advice. Evidence Chain: 1. Ingestion point: Local IaC files and the generated 'checkov-results.json' file. 2. Boundary markers: No delimiters or instructions to ignore embedded content are present. 3. Capability inventory: Execution of the checkov binary via shell and reading the resulting JSON file for analysis. 4. Sanitization: No sanitization of the input files or the scanner output is specified before the agent processes and summarizes the findings.
Audit Metadata