skills/polarsource/polar/render-env/Gen Agent Trust Hub

render-env

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes terraform fmt -recursive terraform via the Bash tool to format the generated Terraform files. This is a standard development operation within the intended scope.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it interpolates user-provided input into code files.
  • Ingestion points: The skill accepts <name> and <description> as positional arguments from the user.
  • Boundary markers: Absent. The inputs are directly placed into HCL (HashiCorp Configuration Language) templates without delimiters or 'ignore' instructions.
  • Capability inventory: The skill utilizes Edit and Write tools to modify .tf files and Bash to execute commands.
  • Sanitization: No sanitization or escaping is performed on the user-provided strings, which could allow a malicious user to inject extra HCL resources or close existing blocks prematurely.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 12:04 PM
Security Audit — agent-trust-hub — render-env