Back to skill

Security audit

Terraform Ai Skills

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for legitimate Terraform maintenance, but it can automatically change many repositories and publish GitHub releases without strong built-in safeguards.

Review and modify this skill before use in any organization. Run only against a small test repository first, require explicit repo lists, inspect diffs before committing, avoid direct pushes and release creation until reviewed, and use narrowly scoped GitHub tokens. Treat config files as executable shell code, not safe data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The contributing guide explicitly suggests adding Slack webhook notifications and includes a concrete outbound transmission example, but it does not warn that repository names, scan results, change summaries, or other operational data may be sent to a third-party service. In a skill intended for bulk automation across many Terraform repositories, this increases the chance that users will unknowingly exfiltrate sensitive metadata or findings outside their controlled environment.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This section promotes bulk provider upgrades, workflow standardization, and release creation across many repositories, but it does not clearly warn users that these actions can modify numerous repositories and publish releases at scale. In an agent skill context, missing explicit guardrails increases the chance of accidental mass changes, CI disruption, or unintended release publication if a user invokes the recommended prompts without understanding the blast radius.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This example explicitly promotes running a full maintenance prompt that upgrades modules, fixes workflows, creates releases, and updates examples across many repositories, but it does not warn users about the scale or consequences of those actions. In an agent skill designed for bulk repository management, omission of confirmation, scoping, and review guidance increases the risk of accidental mass modification and release of unintended changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The phrase 'upgrade all AWS provider versions' encourages broad edits across all repositories matching the configured pattern without any nearby caution about scope, validation, or approval. Because this skill targets 10–200+ repositories, a user could unintentionally trigger sweeping provider upgrades that break compatibility or alter production infrastructure code en masse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Standardizing workflows across all Azure modules can overwrite CI/CD definitions, secrets handling, permissions, and deployment behavior in multiple repositories, yet the example lacks any warning about those effects. CI workflow changes are particularly sensitive because they can affect build integrity, release automation, and security scanning across an organization.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The multi-provider example tells Copilot to use a config and 'upgrade all AWS modules' but does not clarify that this can propagate automated changes to every matched module repository. The missing warning is more dangerous in this context because config-driven targeting can make broad actions feel routine and easy to invoke without appreciating the blast radius.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The migration guide encourages users to 'run full maintenance' as part of adopting the skill, but it does not warn that this may trigger large-scale automated repository modifications, workflow changes, and releases. Migration documentation carries extra weight because users may follow it as a trusted onboarding path, increasing the chance of accidental organization-wide changes.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The documentation provides a broad natural-language command that can cause an agent to perform sweeping maintenance across many Terraform repositories without clearly requiring confirmation, scoping, or a dry run. In this skill’s context, those actions include provider upgrades, workflow changes, and release creation, so an over-permissive invocation can lead to unintended large-scale code and infrastructure-affecting changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section normalizes fully automated multi-repo updates and GitHub release creation as expected outcomes, but it does not prominently warn that these are high-impact write operations affecting many repositories. In a skill explicitly designed for bulk Terraform maintenance across 10–200+ repos, the lack of strong warnings, approval checkpoints, and rollback guidance increases the chance of accidental mass changes and release of unreviewed updates.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation repeatedly promotes bulk operations across 10–200+ repositories, including workflow changes, provider upgrades, and release actions, but does not place a prominent explicit warning near the activation instructions that these actions can modify many repositories and may trigger remote side effects. In an agent-skill context, understated warnings increase the chance of accidental large-scale changes by a user or autonomous assistant, especially because the skill is optimized for speed and scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The release creation section states that it generates changelogs, creates semantic version tags, and publishes GitHub releases, but it does not provide an explicit warning that these actions alter repository history and can cause externally visible publication events. In an AI-assisted workflow, omission of that warning makes unintended release publication more likely, particularly when combined with copy-pasteable commands and a 'recommended' full-maintenance flow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to run a "full-maintenance" workflow across AWS, GCP, Azure, and DigitalOcean repositories without any warning about review gates, dry-run requirements, or potentially destructive side effects. In the context of infrastructure automation, maintenance workflows can modify providers, CI/CD, releases, and security settings at scale, so omitting safety guidance increases the risk of unintended broad changes across many repositories.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples encourage bulk multi-repo maintenance actions, including workflow changes and release creation, without prominent warnings about scope, external side effects, or the need for dry-run/review gates. In this skill’s context, those actions can touch 10–200+ repositories and trigger irreversible or wide-reaching changes, making operator misuse or over-trust more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Azure example normalizes bulk release creation as a simple command flow but does not warn that creating releases is an external, potentially irreversible action that may publish tags/artifacts across many repositories. Given this skill is specifically designed for bulk operations at scale, omission of that warning materially increases the chance of accidental mass publication.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs bulk in-place edits across multiple repositories and automatically stages and commits the changes without any user confirmation, dry-run gate, or per-repository approval. In a skill explicitly designed to operate across 10–200+ Terraform module repositories, a bad configuration, overly broad repository match, or incorrect replacement pattern can rapidly propagate unintended changes and create a large-scale integrity and operational issue.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script executes `source "$config"` on every matching file in `config/*.config`, which causes any shell code in those files to run with the privileges of the test process. In a repository automation skill that bulk-manages many Terraform module repositories, a malicious or tampered config file could achieve arbitrary command execution in CI or maintainer environments, making this more dangerous than a local-only validation mistake.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.