devops
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (LOW): The
SKILL.mdfile contains the commandcurl https://sdk.cloud.google.com | bash. This pattern of piping a remote script directly into a shell is usually a high-risk vector. However, because the source isgoogle.com(a Trusted External Source), the severity is downgraded to LOW per the [TRUST-SCOPE-RULE]. - Indirect Prompt Injection (LOW): The skill provides patterns for 'AI-Powered Web Scrapers' in
references/browser-rendering.mdandreferences/cloudflare-workers-advanced.md. - Ingestion points: The skill uses
page.content()to ingest untrusted data from external websites. - Boundary markers: There are no boundary markers or sanitization logic shown to prevent instructions inside scraped HTML from influencing the AI models (
llama-3-8b-instruct). - Capability inventory: The environment has access to Cloudflare AI bindings and network requests via Puppeteer.
- Sanitization: No escaping or validation of external content is present before it is passed to the AI model.
- External Downloads (LOW): The skill references various installers and packages from trusted domains including
google.com,npmjs.com, andcloudflare.com. These are acceptable for the skill's intended DevOps purpose.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata