yangshu2087/terrashark
vendor/skills/skilltrust-curated/terrashark/SKILL.md
Use when explicitly reviewing, generating, refactoring, or migrating Terraform/OpenTofu IaC and checking failure modes such as identity churn, secrets, blast radius, CI drift, or compliance gates.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add yangshu2087/Codex terrasharkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:37 PM21.5s21 files scanned
SKILL.md
- name:
- terrashark
- description:
- Use when explicitly reviewing, generating, refactoring, or migrating Terraform/OpenTofu IaC and checking failure modes such as identity churn, secrets, blast radius, CI drift, or compliance gates.
Terrashark: Failure-Mode Workflow for Terraform/OpenTofu
Run this workflow top to bottom.
1) Capture execution context
Record before writing code:
- runtime (
terraformortofu) and exact version - provider(s), target platform, and state backend
- execution path (local CLI, CI, HCP Terraform/TFE, Atlantis)
- environment criticality (dev/shared/prod)
If unknown, state assumptions explicitly.
2) Diagnose likely failure mode(s)
Select one or more based on user intent and risk:
- identity churn: resource addressing instability, refactor breakage
- secret exposure: secrets in state, logs, defaults, artifacts
- blast radius: oversized stacks, weak boundaries, unsafe applies
- CI drift: version mismatch, unreviewed applies, missing artifacts
- compliance gate gaps: missing policies/approvals/audit controls
3) Load only the relevant reference file(s)
Primary references:
references/identity-churn.mdreferences/secret-exposure.mdreferences/blast-radius.mdreferences/ci-drift.mdreferences/compliance-gates.md
Supplemental references (only when needed):
references/testing-matrix.mdreferences/quick-ops.mdreferences/examples-good.mdreferences/examples-bad.mdreferences/examples-neutral.mdreferences/coding-standards.mdreferences/module-architecture.mdreferences/ci-delivery-patterns.mdreferences/security-and-governance.mdreferences/do-dont-patterns.mdreferences/mcp-integration.md
4) Propose fix path with explicit risk controls
For each fix, include:
- why this addresses the failure mode
- what could still go wrong
- guardrails (tests, approvals, rollback)
5) Generate implementation artifacts
When applicable, output:
- HCL changes (typed vars, stable keys, bounded versions)
- migration blocks (
moved, import strategy) - CI pipeline updates (plan/apply separation, artifacts, policy checks)
- compliance controls (approvals, policy rules, evidence paths)
6) Validate before finalize
Always provide command sequence tailored to runtime and risk tier. Never recommend direct production apply without reviewed plan and approval.
7) Output contract
Return:
- assumptions and version floor
- selected failure mode(s)
- chosen remediation and tradeoffs
- validation/test plan
- rollback/recovery notes for destructive-impact changes
Related Skills
yangshu2087/stitch-ui-prompt-architect
development
VerifiedTrustedCommunity
Use when the user explicitly mentions Google Stitch and wants a structured Stitch-ready UI prompt or prompt refinement from rough product/design ideas.
SKILL.mdUpdated Apr 16, 2026
yangshu2087/stitch-react-components
development
VerifiedTrustedCommunity
Use when the user explicitly mentions Google Stitch and asks to convert Stitch designs into Vite, CRA, or generic React components.
SKILL.mdUpdated Apr 16, 2026
yangshu2087/stitch-nextjs-components
development
VerifiedTrustedCommunity
Use when the user explicitly mentions Google Stitch and asks to convert Stitch designs into Next.js App Router components.
SKILL.mdUpdated Apr 16, 2026
yangshu2087/stitch-design-system
development
VerifiedTrustedCommunity
Use when the user explicitly mentions Google Stitch and wants design tokens, CSS custom properties, Tailwind theme guidance, or code-level design-system artifacts.
SKILL.mdUpdated Apr 16, 2026