Trust Assessment
terraform-gen received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Direct user input used in LLM prompt without sanitization, Dependencies not strictly pinned in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct user input used in LLM prompt without sanitization The `description` argument, which is direct user input from the command line, is directly embedded into the `user` role message sent to the OpenAI API. This allows a malicious user to craft input that could attempt to override the system prompt, manipulate the LLM's behavior, or elicit unintended responses, potentially leading to the generation of insecure or malicious Terraform configurations. For example, a user could try to instruct the LLM to ignore previous instructions or generate non-Terraform content. Implement robust input sanitization or use techniques like prompt templating with clear delimiters (e.g., XML tags) to separate user input from system instructions. Instruct the LLM to only process content within those delimiters. Consider using a separate LLM call to validate or rephrase user input before passing it to the main generation prompt. | LLM | src/index.ts:9 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/terraform-gen/package.json | |
| INFO | Dependencies not strictly pinned in package.json The `package.json` file uses caret (`^`) ranges for dependencies (`commander`, `openai`, `ora`, `typescript`, `@types/node`). While `package-lock.json` provides exact versions, relying on caret ranges in `package.json` can lead to different versions being installed if the `package-lock.json` is not used or is outdated, potentially introducing unexpected behavior or vulnerabilities from newer minor/patch releases. This is a common practice but introduces a slight supply chain risk if build environments do not strictly adhere to `package-lock.json`. Pin all dependencies to exact versions in `package.json` (e.g., `"commander": "12.1.0"`) to ensure deterministic builds across all environments, even if `package-lock.json` is not strictly enforced. Regularly audit and update dependencies. | LLM | package.json:9 |
Scan History
Embed Code
[](https://skillshield.io/report/f89426be302debe2)
Powered by SkillShield