gcp-cloud-functions
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill was found to contain the command `curl https://sdk.cloud.google.com | bash`. This is a high-risk pattern that allows for the immediate execution of arbitrary code from a remote server without verification of its integrity or contents. While the URL is associated with the official Google Cloud SDK installer, it is not included in the 'Trusted GitHub Organizations' or 'Trusted GitHub Repositories' list as defined in the security guidelines. Consequently, the source is classified as untrusted, and the use of piped execution to a shell is assigned a CRITICAL severity verdict. Remediation: Always verify the integrity of remote scripts (e.g., using checksums) before execution and avoid direct piping to shell environments.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
- AI detected serious security threats