devops
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (LOW): The skill provides instructions to install the Google Cloud SDK using a piped shell command (curl https://sdk.cloud.google.com | bash) in SKILL.md and references/gcloud-platform.md. This is downgraded from CRITICAL to LOW because the source is an official Google domain, which is a trusted entity.
- [PROMPT_INJECTION] (LOW): The skill features examples of web scraping where external data is passed to an AI model (references/browser-rendering.md and references/cloudflare-workers-advanced.md), creating a surface for indirect prompt injection.
  * Ingestion points: Remote content is fetched via page.goto(url) using Puppeteer.
  * Boundary markers: The prompts do not use delimiters or instructions to ignore embedded commands.
  * Capability inventory: Cloudflare Workers have access to D1 SQL databases, R2 storage, and KV stores.
  * Sanitization: Scraped HTML is passed to the AI without sanitization.
- [COMMAND_EXECUTION] (SAFE): The Python script scripts/cloudflare_deploy.py wraps wrangler CLI calls safely using subprocess with fixed command structures and validated environment choices.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata