cloud-foundation-fabric
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill provides comprehensive documentation and HCL configuration examples for Google Cloud Foundation Fabric (CFF), facilitating the deployment of production-ready GCP infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill references external Terraform modules and documentation from the official Google Cloud Platform GitHub repository (github.com/GoogleCloudPlatform/cloud-foundation-fabric). These are trusted resources from a well-known service provider.
- [SAFE]: (Indirect Prompt Injection) The skill documents factory patterns in references/factory-patterns.md that ingest external YAML configuration files. This represents a potential surface for indirect prompt injection if an agent is tasked with processing untrusted configuration data. (Ingestion points: YAML configuration files in references/factory-patterns.md; Boundary markers: Absent; Capability inventory: Management of GCP resources like projects, VPCs, and GKE clusters via Terraform; Sanitization: Absent).
- [PROMPT_INJECTION]: No prompt injection, role-play instructions, or instruction override patterns were detected.
- [DATA_EXFILTRATION]: No patterns for unauthorized data access, credential exposure, or network exfiltration were found.
- [NO_CODE]: The skill consists of documentation and configuration snippets without any executable scripts or automated installation processes.
Audit Metadata