gcp-cloud-run
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [General] (SAFE): The skill contains standard boilerplate and configuration for GCP Cloud Run and Functions. No malicious patterns, obfuscation, or data exfiltration attempts were found.
- [Privilege Escalation] (SAFE): The provided Dockerfile follows best practices by using node:20-slim and switching to a non-root USER node for execution.
- [External Downloads] (SAFE): All external references point to trusted Google Container Registry images (gcr.io) and official Cloud SDK tools.
- [Indirect Prompt Injection] (LOW): The skill defines functions that process external input (e.g., HTTP request parameters, Pub/Sub messages). While this creates an attack surface for the resulting application, it is inherent to the service's purpose, and the provided templates use standard parsing methods.
Audit Metadata