gcloud
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documents numerous bash commands for the
gcloudandbqCLIs. This is the intended primary purpose of the skill and no arbitrary or suspicious command injection patterns were found. - [CREDENTIALS_UNSAFE] (SAFE): While the skill describes authentication procedures (service accounts, auth login), it uses safe placeholders like
key.jsonandPROJECT_ID. No actual private keys or tokens are hardcoded. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill features commands that ingest external, potentially untrusted data into the agent's context.
- Ingestion points:
gcloud logging read,gcloud logging tail, andgcloud storage cp gs://bucket/file.txt ./(reading logs or files from cloud storage). - Boundary markers: Absent in the command templates.
- Capability inventory: Extensive GCP resource management including IAM policy modification, VM creation, and secret access.
- Sanitization: None provided within the skill text; the agent relies on its own output filtering.
Audit Metadata