scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security-first principles for Infrastructure as Code (IaC), emphasizing state encryption, environment separation, and private networking.
- [SAFE]: It explicitly warns against anti-patterns such as hardcoding credentials, using wildcard IAM permissions, or committing secrets to version control.
- [SAFE]: External tool references are limited to well-known and reputable industry standards for linting and security scanning, such as Checkov, tfsec, TFLint, and Gitleaks.
- [SAFE]: Local development templates (Docker Compose) use standard placeholders and follow best practices for volume management and service health checks.
- [SAFE]: No evidence of prompt injection, data exfiltration, or obfuscated code was found across the instruction files and references.
Audit Metadata