tfctl
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution]: The skill uses the `tfctl` CLI to interact with cloud infrastructure. These operations are restricted to the intended purpose of managing Terraform workspaces, runs, and variables.
- [Operational Constraints]: The instructions include 'Hard rules' that prevent the agent from performing destructive actions (like `-X DELETE`) without human oversight and stop execution if resources are missing, which helps prevent unintended state changes or resource probing.
- [Secure Parsing Practices]: By mandating the use of the built-in `--jq` flag rather than piping to an external utility, the skill reduces the surface area for shell-related vulnerabilities.
- [Indirect Prompt Injection Surface]: The skill processes data from Terraform Cloud API responses. It manages this surface by using structured data extraction via the built-in jq processor and defining clear error-handling behaviors.