terraform

SUSPICIOUS: the skill is not overtly malicious, and its CLI comes from an official npm package, but the actual footprint is a Membrane broker skill more than a direct Terraform skill. Authentication, connection state, and action execution are routed through Membrane-managed infrastructure, so credentials and operational data flow to a third-party control plane that the description downplays. Main concerns are third-party credential handling, indirect data flows, and unpinned `@latest` CLI installation.