iac-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing security auditing tools from reputable sources such as Aqua Security's GitHub repository and the Python Package Index (PyPI).
  • [COMMAND_EXECUTION]: The instructions involve executing command-line utilities using npx, pip, brew, and go to perform infrastructure scans and manage tool installations.
  • [PROMPT_INJECTION]: The skill scans local infrastructure files, which represents an indirect injection surface; however, the behavior is consistent with the skill's primary purpose of security auditing.
    • Ingestion points: Reads local project files for Terraform, Kubernetes, and CloudFormation.
    • Boundary markers: Absent in the instructions.
    • Capability inventory: Uses npx iac-scanner, tfsec, and checkov to analyze files.
    • Sanitization: Not applicable for the wrapper instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 04:41 PM