iac-scan-checkov
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from IaC files (Terraform, Kubernetes, etc.) and possesses command execution capabilities. Findings include:
  - Ingestion points: Target files and directories identified in steps 1 and 2 (e.g., `main.tf`, `<target-path>`).
  - Boundary markers: Absent. There are no instructions provided to the agent to treat the content of the files as data rather than instructions.
  - Capability inventory: Execution of the `checkov` CLI tool via bash, which involves reading and parsing file contents.
  - Sanitization: Absent. The skill does not define methods to sanitize input paths or file contents before processing.
- Command Execution (MEDIUM): The skill relies on executing shell commands (`checkov -d <target-path>`) based on user-provided directory or file paths. If the agent does not strictly validate the input for `<target-path>`, this could lead to shell injection vulnerabilities.
- External Downloads (MEDIUM): The skill requires the installation of an external dependency via `pip install checkov`. While Checkov is a well-known security tool, runtime package installation introduces supply-chain risks if not managed through a locked or verified environment.
Recommendations
- AI detected serious security threats
Audit Metadata