devops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user to execute a remote script via `curl https://sdk.cloud.google.com | bash`. This is a critical security risk as it executes unverified code from a remote server directly in a shell environment.
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). It performs high-privilege cloud operations (deployment, infrastructure management) using data ingested from untrusted sources like Dockerfiles and project configurations.
  - Ingestion points: Project files and configuration files processed during deployment and optimization tasks.
  - Boundary markers: None; there are no delimiters or instructions to treat external data as untrusted.
  - Capability inventory: Broad cloud management capabilities including `wrangler deploy`, `gcloud run deploy`, and `docker build`.
  - Sanitization: Absent; the skill lacks any mechanisms to sanitize or validate external content before use in high-privilege commands.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses potentially dangerous shell operations, such as creating files via `cat` and running build processes that could be exploited if environment variables or input files are compromised.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the `wrangler` CLI and Google Cloud SDK from sources not explicitly included in the provided Trusted External Sources list.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://sdk.cloud.google.com - DO NOT USE
- AI detected serious security threats
Audit Metadata