Skills
skills/davila7/claude-code-templates/Cloud Penetration Testing/Gen Agent Trust Hub

Cloud Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • Remote Code Execution (LOW): The skill uses a piped shell command (curl https://sdk.cloud.google.com | bash) to install the Google Cloud SDK.
  • Evidence: Automated scanner detected the command: curl https://sdk.cloud.google.com | bash.
  • Trust Assessment: Under the [TRUST-SCOPE-RULE], domains associated with verified organizations like Google are considered trusted. Although the execution pattern (curl-to-bash) is high-risk in most contexts, it is the standard installation method for this official tool, leading to a downgrade from CRITICAL to LOW severity.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:04 PM