Terraform doesn't know what it doesn't know. It only cares about stuff you defined in code and ignores all the rest. You can't use it for auditing purposes, except in its narrow scope.
As much a fan of Terraform I am. If you didn't started defining your repos in Terraform from day 0, importing hundreds of repos, members, permission sets would be quite a lot more work than running this audit tool.
And quite frankly, terraform is great at first, and maybe for smaller projects, but for larger cases it becomes unmaintainable and unrefactorable pretty quickly.