avm-terraform-module-development

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation in references/tfpluginschema.md directs the user to download a binary tool (tfpluginschema) from a personal GitHub repository (github.com/matt-FFFFFF/tfpluginschema). This source is not recognized as a trusted organization or a well-known service provider, introducing a supply chain risk.
  • [REMOTE_CODE_EXECUTION]: Installation instructions for the tfpluginschema tool include downloading archives from the internet and piping the output directly to extraction commands (tar -xz) or using Invoke-WebRequest to download and expand binaries into system paths (/usr/local/bin). This pattern of fetching and deploying unverified binaries is a high-risk security practice.
  • [COMMAND_EXECUTION]: The skill includes shell and PowerShell scripts (scripts/azure-schema and scripts/azure-schema.ps1) that perform network operations and local file system interactions using commands like curl, jq, and Invoke-WebRequest to manage schema data.
  • [EXTERNAL_DOWNLOADS]: The resource schema query scripts download data from the official Azure Verified Modules support repository on GitHub (github.com/Azure/bicep-types-az). This is consistent with the skill's stated purpose for Azure module development.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 4, 2026, 09:45 AM