gcp-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation in SKILL.md provides examples that pass sensitive information, such as API_KEY and DATABASE_URL, directly through the --set-env-vars command-line flag. This practice is insecure as it exposes credentials to shell history, process lists, and system logs.
- [DATA_EXFILTRATION]: The deployment instructions and the scripts/deploy.sh file utilize the --allow-unauthenticated flag by default. This automatically configures the Cloud Run service to be publicly accessible over the internet, which can lead to unintended exposure of data if the application is not intended for public access.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands and a provided bash script to perform deployment. It explicitly instructs users to modify file permissions using chmod +x on the deploy.sh script to enable execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  1. Ingestion points: The skill accepts a service name from the user and processes source code from the local directory via the --source flag.
  2. Boundary markers: No delimiters or warnings are used to separate untrusted data from instructions.
  3. Capability inventory: The skill can execute subprocesses via gcloud and the bash script.
  4. Sanitization: No input validation or sanitization is performed on the service name or the content of the source directory before deployment.
Audit Metadata