skills/binjuhor/shadcn-lar/devops/Gen Agent Trust Hub

devops

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (LOW): The skill provides instructions to download and execute code directly from the web using the 'curl | bash' pattern. Evidence: SKILL.md and references/gcloud-platform.md (targeting sdk.cloud.google.com). This finding is downgraded to LOW because the source is a Trusted Organization (Google).
  • [COMMAND_EXECUTION] (LOW): The documentation suggests using 'sudo' for package management during Google Cloud CLI installation, and the 'cloudflare_deploy.py' script executes 'wrangler' via subprocess. Evidence: references/gcloud-platform.md and scripts/cloudflare_deploy.py. These are standard practices for the intended DevOps functionality.
  • [PROMPT_INJECTION] (LOW): The skill implements an indirect prompt injection surface through its 'AI-Powered Web Scraper' examples. Evidence: references/browser-rendering.md. Ingestion points: page.content(); Boundary markers: Absent; Capability inventory: env.AI.run; Sanitization: Absent. Content from external URLs is passed directly to the model.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references various external SDKs (wrangler, docker, gcloud) from well-known trusted providers. Evidence: scripts/requirements.txt.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:17 PM