Skills
skills/alexei-led/claude-code-config/using-cloud-cli/Gen Agent Trust Hub

using-cloud-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The instruction cat ~/.aws/credentials in SKILL.md explicitly commands the agent to read highly sensitive, plain-text credential files into its context. This pattern is identified as a high-severity exposure risk.
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk vulnerability surface due to its combined capabilities and lack of defensive measures.
  • Ingestion points: The skill utilizes the Read tool, which allows it to ingest untrusted content from the filesystem.
  • Boundary markers: There are no delimiters or instructions to ignore embedded commands within processed data.
  • Capability inventory: The skill has access to the Bash tool, allowing for arbitrary subprocess execution, and the Read tool for file access. It also includes destructive cloud commands like gcloud ... delete.
  • Sanitization: There is no evidence of input validation or escaping before passing data to shell commands.
  • Metadata Poisoning (MEDIUM): The description suggests use for 'making decisions about cloud services,' which, when paired with the Bash tool and lack of input sanitization, increases the risk that malicious instructions in cloud resource metadata could trick the agent into performing unauthorized operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:19 AM