terraform-module-creator

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to utilize and publish infrastructure modules within a specific external GitHub organization and Terraform Registry namespace (c0x12c).
      • Evidence: The instructions in SKILL.md explicitly point to https://registry.terraform.io/namespaces/c0x12c and https://github.com/c0x12c/ for module distribution and consumption.
      • Risk: This source is not a recognized trusted vendor nor is it associated with the skill's author (spartan-stratos). Using unverified third-party modules can lead to the deployment of malicious or insecure infrastructure configurations.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its handling of untrusted input during code generation.
      • Ingestion points: The skill prompts the user for the Module name, Resources managed, and Consumers at the start of the process (Step 1 in SKILL.md).
      • Boundary markers: No boundary markers or 'ignore' instructions are used to separate user-provided metadata from the code generation templates.
      • Capability inventory: The agent uses Write and Edit tools to create .tf files based on the provided inputs.
      • Sanitization: There is no evidence of sanitization or validation performed on the user-provided strings before they are interpolated into the generated HCL code (e.g., in resource names, descriptions, or tags).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 01:07 PM