adk-deploy-guide
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The implementation patterns for event-driven triggers (Pub/Sub, Eventarc, and BigQuery) in references/event-driven.md ingest data from external sources into the agent's prompt context. This represents a potential surface where external instructions could influence agent behavior.
  - Ingestion points: Untrusted data enters the agent through endpoints such as /trigger/pubsub, /trigger/eventarc, and BigQuery remote functions.
  - Boundary markers: The provided code snippets do not currently implement specific delimiters or instructions to the model to disregard potentially embedded commands within the message payload.
  - Capability inventory: The deployed agents have access to significant capabilities including interaction with Google Cloud services like Cloud Run, Secret Manager, and other infrastructure defined in Terraform.
  - Sanitization: The example code does not demonstrate specific sanitization or validation of the message text before it is processed by the agent runner.
- Secure Credential Management: The guide correctly recommends using Google Cloud Secret Manager for sensitive information like API keys instead of environment variables, which is a key security practice for preventing accidental credential exposure.
- Trusted Infrastructure Automation: The skill utilizes Terraform and Workload Identity Federation (WIF) for managing infrastructure and CI/CD pipelines. This ensures that permissions are managed through auditable code and avoids the use of long-lived service account keys.
- Identity-Aware Proxy (IAP) Integration: The guide includes instructions for securing web UIs with IAP, providing a robust method for authenticating users via Google Identity before they can access the agent services.
- Trusted Tooling and Documentation: The skill references official tools such as the adk CLI and the agent-starter-pack utility, and points to official documentation at google.github.io. These resources are consistent with the established development ecosystem for this vendor.