devops
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (LOW): The skill instructions in `SKILL.md` and `references/gcloud-platform.md` recommend installing the Google Cloud SDK via `curl https://sdk.cloud.google.com | bash`. While piping remote scripts to a shell is a high-risk pattern, the source is a Trusted Organization (Google), resulting in a downgrade to LOW per [TRUST-SCOPE-RULE].
- [EXTERNAL_DOWNLOADS] (LOW): The skill references and downloads tools/binaries (Wrangler, Docker, GCloud CLI) from reputable and trusted repositories. These are standard for DevOps workflows.
- [PROMPT_INJECTION] (LOW): The skill contains an indirect prompt injection surface where the agent processes untrusted data from external websites.
  - Ingestion points: `page.content()` in `references/browser-rendering.md` and `references/cloudflare-workers-advanced.md` (AI-powered scraper examples).
  - Boundary markers: Absent in code examples; no explicit delimiters or instructions to ignore embedded commands are used when passing scraped content to LLMs.
  - Capability inventory: The skill possesses network access (`fetch`), database access (D1/KV), and local command execution capabilities via `scripts/cloudflare_deploy.py`.
  - Sanitization: The best practices section mentions URL validation and content sanitization, but the specific code examples do not implement these protections.
- [COMMAND_EXECUTION] (SAFE): The `scripts/cloudflare_deploy.py` utility uses `subprocess.run` to execute the `wrangler` CLI. This is consistent with the primary purpose of the skill and is handled safely using static command lists.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata