cost-check
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to detect IaC files and verify the presence of cost analysis tools like Infracost and Finfocus. It also runs a markdown linter on generated reports.
- [COMMAND_EXECUTION]: The skill dynamically determines the correct subcommands for the Finfocus tool by parsing its help output at runtime, and uses those subcommands to perform the actual cost estimation.
- [EXTERNAL_DOWNLOADS]: The skill references external documentation and source repositories for cost tools such as Infracost and Finfocus. These represent standard external dependencies for infrastructure management.
- [PROMPT_INJECTION]: The skill ingests data from local project files including .cost-check.yml, Pulumi.yaml, and Terraform files to generate reports.
  - Ingestion points: Local configuration and IaC definition files.
  - Boundary markers: None.
  - Capability inventory: Execution of specific CLI tools and local file writing.
  - Sanitization: Not explicitly implemented for the ingested configuration data.