Terraform Ai Skills

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill bundle is designed for legitimate Terraform module management, utilizing standard DevOps tools like `terraform`, `git`, and `gh`. It requests broad `filesystem` and `network` permissions, which are plausible for its stated purpose. However, the `run-with-provider.sh` script executes `bash "$SCRIPT_PATH" $ARGS` where `ARGS` is passed directly from user input without explicit sanitization. This creates a shell injection vulnerability (potential RCE) if a malicious user or a compromised AI agent provides crafted input for `ARGS`. While the skill's internal prompts and documentation emphasize safety and do not demonstrate malicious intent, this critical vulnerability, combined with the broad permissions, classifies it as 'suspicious' rather than 'benign' or 'malicious'.