refactor-module
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes existing Terraform configurations from a user-specified directory, which creates an indirect prompt injection surface. Data ingested from these files could potentially contain instructions aimed at influencing the agent's behavior during the refactoring task.
- Ingestion points: Terraform source files located in the
source_directory. - Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore instructions embedded within the processed Terraform code.
- Capability inventory: The skill utilizes shell command execution (e.g.,
terraform state mv,terraform plan) and file system write operations to restructure the configuration. - Sanitization: Absent; the skill relies on the agent's ability to interpret Terraform syntax without explicit sanitization steps for the input data.
- [EXTERNAL_DOWNLOADS]: The skill references external style guides and module specifications hosted on HashiCorp's official GitHub repository. These are well-known resources for Terraform development and are used here to provide additional context for the refactoring process.
Audit Metadata