Back to skill

Security audit

Terraform

Security checks across malware telemetry and agentic risk

Overview

This Terraform skill is a disclosed, read-oriented OOMOL connector integration, with no artifact evidence of hidden, destructive, or exfiltrating behavior.

Install this only if you are comfortable letting the agent query Terraform account, organization, workspace, and run information through OOMOL. For general Terraform advice, the skill may be invoked more broadly than necessary; keep an eye on the requested action and require explicit confirmation before any future write-capable connector action is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description instructs the agent to use this skill for ANY Terraform-related request without narrowing scope to specific safe operations. That broad routing can cause the agent to invoke this skill in situations where a direct answer, safer tool, or more context-specific handling would be more appropriate, increasing the chance of unintended data access or unsafe action selection if the skill later expands to include write capabilities.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.