Skills
skills/laurigates/claude-plugins/tfc-run-logs/Gen Agent Trust Hub

tfc-run-logs

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl, jq, and sed to interact with the Terraform Cloud API and process the retrieved logs for display.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes logs from an external source (Terraform Cloud), which introduces a risk of indirect prompt injection if an attacker can influence the Terraform output.\n
  • Ingestion points: Content retrieved from TFC log URLs (PLAN_LOG_URL and APPLY_LOG_URL) in SKILL.md.\n
  • Boundary markers: Absent. The logs are displayed directly without delimiters or warnings to the agent.\n
  • Capability inventory: The skill leverages Bash and Read tools to execute API calls and read system information.\n
  • Sanitization: ANSI escape codes are stripped for readability, but there is no validation or sanitization of the actual content of the logs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:27 PM
Security Audit — agent-trust-hub — tfc-run-logs