infrastructure-coder
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs local static analysis of infrastructure configuration files (Terraform, Kubernetes, Dockerfiles) using included Python scripts. These scripts (e.g., 'terraform-module-scanner.py') use regex to extract resource data and identify misconfigurations without performing network operations or accessing sensitive credentials.
- [SAFE]: The 'Dashboard' feature generates a local HTML report to visualize analysis findings. The rendering logic in 'templates/dashboard.html' includes an HTML escaping function ('escH') to sanitize data extracted from user files, protecting against potential cross-site scripting (XSS) from malicious file content.
- [SAFE]: The skill instructions and reference materials promote security-first IaC development, such as mandating non-root users in Dockerfiles, requiring resource limits in Kubernetes, and using least-privilege IAM policies.
- [SAFE]: No remote code execution (RCE) via shell pipes, obfuscation, or unauthorized credential access patterns were detected. The use of 'uv run' is limited to executing the skill's own local scripts for intended functionality.
Audit Metadata