setting-up-terraform
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and template guide for infrastructure provisioning. It contains no executable malicious scripts and focuses on educational instructions for project structure.
- [EXTERNAL_DOWNLOADS]: The instructions reference the official AWS provider from HashiCorp. HashiCorp is a well-known and established service provider in the infrastructure space, and downloads from its official registries are considered safe.
- [COMMAND_EXECUTION]: The skill describes the use of standard, non-malicious Terraform commands (
terraform fmt,terraform validate,terraform plan,terraform apply) intended for use in local development and standard CI/CD pipelines. - [DATA_EXFILTRATION]: No data exfiltration patterns were detected. On the contrary, the skill explicitly provides security guidance to avoid committing sensitive state files and
.tfvarssecrets to version control. - [PROMPT_INJECTION]: Analysis of indirect injection surfaces:
- Ingestion points: User-provided infrastructure requirements and cloud provider details.
- Boundary markers: The skill does not explicitly define markers but operates as a passive template guide.
- Capability inventory: Filesystem write operations for Terraform configuration files.
- Sanitization: None specified within the skill body, but instructions emphasize safe secret management via environment variables and gitignore patterns.
Audit Metadata