terraform-ops

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate infrastructure management guidance and utility scripts.
  • Verified Dependencies: The workflow file assets/github-actions-terraform.yml references several third-party GitHub Actions. All identified actions originate from well-known and reputable organizations including HashiCorp, AWS, Aqua Security, and the GitHub-maintained actions organization.
  • Secure Networking: The script scripts/check-action-refs.sh performs network requests using curl to the official GitHub API (api.github.com) solely for the purpose of resolving and verifying the existence of action references. This aligns with the [TRUST-SCOPE-RULE] for well-known services.
  • Security Best Practices: The skill actively promotes security-first configurations, such as the use of OpenID Connect (OIDC) to eliminate long-lived credentials and the implementation of ephemeral secrets management in Terraform 1.10+.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 07:50 PM
Security Audit — agent-trust-hub — terraform-ops