terraform-ops
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate infrastructure management guidance and utility scripts.
- Verified Dependencies: The workflow file
assets/github-actions-terraform.ymlreferences several third-party GitHub Actions. All identified actions originate from well-known and reputable organizations including HashiCorp, AWS, Aqua Security, and the GitHub-maintainedactionsorganization. - Secure Networking: The script
scripts/check-action-refs.shperforms network requests usingcurlto the official GitHub API (api.github.com) solely for the purpose of resolving and verifying the existence of action references. This aligns with the [TRUST-SCOPE-RULE] for well-known services. - Security Best Practices: The skill actively promotes security-first configurations, such as the use of OpenID Connect (OIDC) to eliminate long-lived credentials and the implementation of ephemeral secrets management in Terraform 1.10+.
Audit Metadata