Skills

terraform

Installation
SKILL.md

Terraform Code Review Rules

Security (Critical)

  • Interpolation Safety: Never use ${} or {{}} interpolation with unvalidated or undeclared input. Always sanitize and declare variables prior to use
  • Comment Hygiene: HTML comment syntax (<!-- -->) is not valid in Terraform files and must be flagged as an error if present. Use only valid Terraform comment syntax (# or //). Provide reasons for non-obvious configurations directly alongside related resources
  • Variable Declaration: All variables and locals must be declared before use. Flag undeclared references
  • Never hardcode secrets, credentials, or API keys
  • Use environment variables or secret managers for sensitive values
  • Mark sensitive variables and outputs with sensitive = true
  • Enable encryption at rest for storage resources
  • Apply least privilege IAM policies
  • Use private subnets and security groups appropriately
Installs
2
Repository
yldgio/codereview-skills
First Seen
Mar 30, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
terraform — yldgio/codereview-skills