Star0

Terragoat

TRUSTED · 90
Community indexed

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Downloads 0
Stars 1.3K
Version 1.0.0
Quality 84/100 · Strong
Trust 90/100 · Production candidate
Audit 84/100 · Safe to try

Supply asset profile

Coding and developer agents

Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills.

Browse track

Scenario

Coding agents

I need a coding agent that can understand a repository, edit code, and review pull requests.

Agent fit

Claude Code + CLI + Codex

Codex, Claude Code, Cursor, CLI, or custom agents.

Install

Ready

npx skills add bridgecrewio/terragoat

Maintenance

stable

11mo since push

Risk

Safe to try

Quality score needs review

GitHub quality

1.3K

84/100 quality · 90/100 trust

Coverage tags

CodingCoding agentsdevopsterraforminfrastructure

Review notes

Quality score needs review

Agent adoption scorecard

Trust, audit, and install readiness at a glance

These scores combine public repository metadata, OpenAgentSkill review signals, maintenance freshness, and install readiness. They are a shortlist signal, not a replacement for human review.

Quality

Strong
84

Solid option that is likely worth shortlisting for production workflows.

Trust

Production candidate
90

Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.

Audit

Safe to try
84

Install readiness, security metadata, maintenance, and adoption risk.

Trust Score v3

Agent install candidate

Shortlist for production use, then run a normal repository and dependency review.

HCLTerraformCodexClaude CodeCursor

Stars

1.3K GitHub stars

Repo activity

1.3K stars, 5.8K forks

Maintenance

11mo since push

License

Apache-2.0

Install

npx skills add bridgecrewio/terragoat

Install safety

standard package or runtime install path

Permission surface

filesystem or document access

Docs

Strong README/SKILL.md context

Risk summary

Low metadata risk

  • Quality score needs review

Install readiness

Install path available

  • Install path is available
  • Repository evidence is available
  • License is declared
  • 11mo since push

Agent-readable metadata

Machine-readable decision data for this skill.

Use this block or the embedded JSON to decide whether an agent should install this skill, choose an alternative, or ask for human review first.

Open JSON

Suited tasks

  • Coding agents workflows
  • Claude Code teams
  • teams that value GitHub adoption signals
  • Inspect source files
  • Explain architecture

Suited agents

HCLTerraformCodexClaude CodeCursorOpenAgentSkill CLICLI

Trust and risk

Trust score
90/100
Risk level
Safe to try
Auto install
review

Install command

npx skills add bridgecrewio/terragoat
Public auditResolve APIInstall handoff

Do not use when

  • teams that need a vendor-supported SLA
  • high-compliance environments without internal security review
  • No OpenAgentSkill engagement data yet
  • Quality score needs review

Alternative

Kubernetes

123.0K stars

npx skills add kubernetes/kubernetes

Alternative

Traefik

63.6K stars

npx skills add traefik/traefik

Alternative

Etcd

51.8K stars

npx skills add etcd-io/etcd

Alternative

Terraform

48.7K stars

npx skills add hashicorp/terraform

Agent safety v2

68/100 · Review before install

Reviewedreview

Good audit and safety signals with no high-risk permission hints in public metadata.

Review the audit page, then allow agent install in a sandboxed workflow.

Resolve via API

medium

Network access

Skill likely fetches remote pages, APIs, repositories, or external services.

medium

Filesystem access

Skill may read or write project files, documents, generated artifacts, or local workspace state.

  • Quality score needs review

Install targets

Install this skill in your agent workflow

Copy the registry command or an agent-specific install prompt for Codex, Claude Code, and Cursor.

skill install

OpenAgentSkill CLI

Use the registry command when your workflow supports the OpenAgentSkill installer.

$ npx skills add bridgecrewio/terragoat

Agent resolve plan

Let an agent verify fit before installing.

The Resolve API returns the selected skill, alternatives, safety policy, audit notes, install target, and copy-paste prompt an agent can follow without scraping this page.

Open text plan

Resolve JSON

/api/agent/resolve?task=Use%20Terragoat%20for%20an%20agent%20workflow&agent=codex&max_risk=medium

Resolve text

/api/agent/resolve?task=Use%20Terragoat%20for%20an%20agent%20workflow&agent=codex&max_risk=medium&format=text

Install handoff

/api/skills/bridgecrewio-terragoat/install

Agent should check

  • Task fit and alternatives from Resolve API.
  • Audit score, trust score, and safety policy warnings.
  • Install target compatibility for Codex, Claude Code, Cursor, or CLI.

Copy prompt

Task: Use Terragoat in this workspace.
Resolve first: https://www.openagentskill.com/api/agent/resolve?task=Use%20Terragoat%20for%20an%20agent%20workflow&agent=codex&max_risk=medium
Review install handoff: https://www.openagentskill.com/api/skills/bridgecrewio-terragoat/install
Install command: npx skills add bridgecrewio/terragoat
Before running it, summarize audit warnings, required permissions, and the fallback skill if install is risky.

Agent handoff

Give an agent the install path, not another directory page.

Use the public install endpoint to fetch the command, safety checklist, target prompts, and canonical links for this skill.

Open install API

Install handoff

/api/skills/bridgecrewio-terragoat/install

LLM text format

/api/skills/bridgecrewio-terragoat/install?format=text

Find alternatives

/api/skills/search?q=Terragoat&limit=3

Agent prompt

Use Terragoat for this task. Review https://www.openagentskill.com/api/skills/bridgecrewio-terragoat/install, then install with: npx skills add bridgecrewio/terragoat

Registry metadata

Agent-readable profile for automatic skill selection.

This page exposes the same decision, trust, audit, use-case, and install signals through the Registry API, so agents can rank this skill without scraping the UI.

Open manifest

Manifest

/api/registry/manifest/bridgecrewio-terragoat

LLM text

/api/registry/manifest/bridgecrewio-terragoat?format=text

Install alias

/api/registry/install/bridgecrewio-terragoat

Recommend

/api/registry/recommend?task=Use%20Terragoat%20in%20an%20agent%20workflow&limit=3

Agent fit

86/100

Coding agents

Use-case tags

Coding agentsGitHub automationRAG and knowledge

Platforms

HCL, Terraform, Claude Code

Audit report

Safe to try · 84/100

Review install readiness, maintenance, trust, quality, and metadata warnings before adding this skill to an agent workflow.

View audit report

Agent decision cockpit

Primary pick for Coding agents

Use this as a leading candidate, then validate the README and install path in your own agent stack.

86
Readiness
Adopt
Stage

Role in stack

Primary pick

Primary fit

Coding agents

Trust label

Production-ready

Install path

Command ready

Use when

  • Coding agents workflows
  • Claude Code teams
  • teams that value GitHub adoption signals

Evidence

  • 1,289 GitHub stars
  • install command or GitHub repo available
  • 84/100 quality profile

Review first

  • No OpenAgentSkill engagement data yet

Implementation path

  1. 1Install it in a sandbox agent and run one Coding agents task end to end.
  2. 2Compare output quality, latency, and failure behavior against at least one alternative.
  3. 3Promote it into production only after reviewing repository permissions, license, and maintenance signals.

Trust profile

Production candidate

Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.

90
Trust score

GitHub adoption

PASS

1.3K GitHub stars

Stars/forks activity

PASS

1.3K stars, 5.8K forks; issue activity unavailable in current metadata

Recent maintenance

INFO

11mo since push

License clarity

PASS

Apache-2.0

Good signals

  • Manually verified listing
  • AI review approved
  • Install path is available
  • Repository evidence is available
  • Meaningful GitHub adoption signal
  • Install command has no obvious high-risk pattern

Review before install

  • Quality score needs review

Recommended action

Shortlist for production use, then run a normal repository and dependency review.

Quality profile

Strong candidate for agent workflows

Solid option that is likely worth shortlisting for production workflows.

84
GitHub stars
1.3K
Freshness
11mo ago
Install ready
Yes
License
Apache-2.0

Workflow fit

Use this skill in these scenarios

Build and ship code

Coding agents

I need a coding agent that can understand a repository, edit code, and review pull requests.

Manage repositories

GitHub automation

I need my agent to triage GitHub issues, review pull requests, and summarize repository changes.

Search private knowledge

RAG and knowledge

I need my agent to build a RAG workflow over documents and retrieve reliable context.

Stack fit

Add it to a complete workflow

Inspect, patch, and verify code

Coding review agent

A stack for software agents that inspect repositories, review pull requests, generate tests, and turn findings into shippable patches.

Turn skills into distribution

Content growth agent

A stack for turning newly indexed skills into SEO briefs, social drafts, comparison pages, and reusable publishing workflows.

Ingest, retrieve, and cite

RAG knowledge base

A stack for document-heavy agents that ingest files, create searchable knowledge, retrieve relevant context, and answer with grounded sources.

Alternative shortlist

Compare before you install

Similar skills in this category, ranked with the same readiness and quality signals.

Compare all

Kubernetes

Production-Grade Container Scheduling and Management

Adopt
Ready100
Quality100
Stars123.0K

Traefik

The Cloud Native Application Proxy

Adopt
Ready100
Quality100
Stars63.6K

Etcd

Distributed reliable key-value store for the most critical data of a distributed system

Adopt
Ready100
Quality100
Stars51.8K

Terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Adopt
Ready100
Quality100
Stars48.7K

Overview

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Imported by the skill-only GitHub discovery pipeline because it matches agent skill, automation, domain workflow, RAG, document-processing, data, finance, security, or developer-tool signals. Protocol-server projects are excluded from automated imports.

Platform Compatibility

hclFULL
terraformFULL

Technical Details

Version
1.0.0
License
Apache-2.0
Last Updated
6/16/2026
Published
6/16/2026

Frameworks & Tools

HCLTerraform

Decision snapshot

Primary pick

86
Ready
Adopt
Stage

1,289 GitHub stars

Audit Snapshot

Install and adoption review

84
Safe to try
Security
89/100
Maintenance
62/100
Install
92/100
Open full audit

Install

Free and open source

Compare AlternativesAuto-resolve PlanView on GitHubDocumentation

Growth loop

Share this skill

X

Scenario-led draft for Terragoat, with the OpenAgentSkill Update theme and canonical URL.

OpenAgentSkill Update
Today: Terragoat

Use it when your agent needs to turn docs, data, or knowledge bases into answers and actions.

1.3K stars - devops
Link: https://www.openagentskill.com/skills/bridgecrewio-terragoat?ref=x
#AIAgents #OpenAgentSkill
Open X draft
Optional reply with install command
Link for Terragoat:
https://www.openagentskill.com/skills/bridgecrewio-terragoat?ref=x

Install: npx skills add bridgecrewio/terragoat
Open reply draft

Listing source

Community indexed

Claimable

This listing was indexed from public sources and is not marked official until a maintainer claim is approved.

Indexed by
OpenAgentSkill community index

Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals.

Claim this skill

Owner claim

Claim this skill listing

This community indexed listing is attributed to bridgecrewio but is not marked official yet. Claim it to add a verified owner signal and make future launch, install, and audit updates easier to trust.

README badge

Add this badge to your GitHub README to show the listing, trust score, and install handoff.

[![OpenAgentSkill](https://www.openagentskill.com/api/badge/bridgecrewio-terragoat)](https://www.openagentskill.com/skills/bridgecrewio-terragoat)
Preview badgeAudit badge

Author

B

bridgecrewio

@bridgecrewio

Tags

terraforminfrastructuredevopsaws-securityazure-securitycloud-securitydevsecopsgcp-securitygoathcl

Platform Fit

Claude Code

Health Signals

GitHub stars
1.3K
Quality score
52/100
Last GitHub push
Jul 13, 2025
Framework hints
2
OpenAgentSkill views
0
Install copies
0
Outbound clicks
0

Community Signal

Share whether this skill looks useful for your agent workflow. Aggregated feedback improves rankings over time.

Trust & Safety

Production candidate

90
  • GitHub adoption1.3K GitHub starsPASS
  • Stars/forks activity1.3K stars, 5.8K forks; issue activity unavailable in current metadataPASS
  • Recent maintenance11mo since pushINFO
  • License clarityApache-2.0PASS
  • README/SKILL.md completenessMetadata includes enough usage and workflow contextPASS
  • Dependency/runtime riskno major dependency risk hints in public metadataPASS

Related Skills

Kubernetes

Production-Grade Container Scheduling and Management

123.0K stars · 0 installs

Traefik

The Cloud Native Application Proxy

63.6K stars · 0 installs

Etcd

Distributed reliable key-value store for the most critical data of a distributed system

51.8K stars · 0 installs

Terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

48.7K stars · 0 installs