gcp-cloud-sql
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The gcloud provisioning commands in SKILL.md contain hardcoded password values ('secretpassword' and 'userpassword') rather than using secure placeholders. Using literal passwords in command-line flags can lead to exposure in shell history, process listings, and cloud logs.
- COMMAND_EXECUTION (LOW): The skill provides templates for executing infrastructure-level commands on Google Cloud Platform. While this is the stated purpose, these commands can perform significant stateful changes to the environment and should be used with restricted service account permissions.
Recommendations
- AI detected serious security threats
Audit Metadata