iac-security
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Includes defensive instructions specifically designed to prevent the agent from following directives embedded in analyzed files, such as scanner suppression comments (#checkov:skip) or inline claims of compliance.
- [DATA_EXPOSURE]: Evaluates IaC files for hardcoded secrets and credentials as part of its intended security review function. It does not attempt to access or exfiltrate the agent's own credentials or environment variables.
- [INDIRECT_PROMPT_INJECTION]: • Ingestion points: Processes external IaC templates and configuration files (SKILL.md). • Boundary markers: Explicitly instructs the agent to ignore embedded instructions and treat strings as data (SKILL.md). • Capability inventory: Limited to file system read and search tools (Read, Grep, Glob); no network or arbitrary execution capabilities. • Sanitization: Instructions mandate disregarding inline claims and suppression directives in favor of technical configuration analysis.
Audit Metadata