The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill interfaces with remote MCP servers hosted on official Google Cloud domains (compute.googleapis.com and cloudresourcemanager.googleapis.com). These are well-known services and the references are handled neutrally.
[CREDENTIALS_UNSAFE]: Authentication is managed through standard Google Cloud environment variables (GOOGLE_APPLICATION_CREDENTIALS) and OAuth 2.0 flows. No hardcoded credentials or private keys are present.
[COMMAND_EXECUTION]: The skill includes tools for provisioning and deprovisioning cloud infrastructure. It explicitly recommends using Change Request (CR) gating and logging via the GAIT system to manage the risk associated with these high-privilege operations.
[PROMPT_INJECTION]: A surface for indirect prompt injection exists because the agent processes external data (GCP resource names and metadata) which could contain malicious instructions.
Ingestion points: Resource discovery and listing tools (e.g., search_projects, list_instances) in SKILL.md.
Boundary markers: None explicitly defined in the prompt instructions.
Capability inventory: Resource modification tools including create_instance and delete_instance defined in SKILL.md.
Sanitization: No explicit sanitization of GCP metadata is described in the skill logic.

gcp-compute-ops