cloud-run-basics
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection Surface: The skill includes instructions for deploying applications directly from source code, local files, or archives. When an agent is used to deploy code, there is a potential consideration if the source material is provided by an untrusted party, as it could contain malicious logic or configurations.
- Ingestion points: Deployment commands in SKILL.md and tools described in references/mcp-usage.md accept local directory paths or file contents.
- Boundary markers: The instructions do not currently include steps for the agent to verify the integrity or safety of the source code before the build and deployment process.
- Capability inventory: The skill leverages gcloud run deploy and similar commands which result in code execution within a managed cloud environment.
- Sanitization: Standard sanitization or automated security scanning of the source code is not explicitly mandated in the workflow instructions.
Audit Metadata