GCP Project Migration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (MEDIUM): The skill references and executes a local automation script
./.agent/skills/gcp-migration/scripts/migrate-gcp-project.shwhose content is not provided for security verification.\n- Credential Safety (MEDIUM): The instructions direct the user to set sensitive secrets likeDATABASE_URLandJWT_SECRET_KEYas environment variables viagcloud, which can expose them in process trees and command history.\n- External Downloads (LOW): The skill usescurl -s ifconfig.meto fetch the runner's IP address from a third-party service.\n- Indirect Prompt Injection (LOW): The skill processes project-specific metadata and user-provided identifiers without sanitization before passing them to high-privilege CLI tools.\n - Ingestion points: User-provided project IDs and regions in CLI flags for the migration script.\n
- Boundary markers: None identified.\n
- Capability inventory:
gcloud(IAM, SQL, Storage),docker,psql, and shell script execution.\n - Sanitization: None specified in instructions or examples.
Audit Metadata