genai-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several official Google Cloud and community-standard resources. It points to documentation at cloud.google.com, provides Maven/Gradle coordinates for Java dependencies via Sonatype (central.sonatype.com), and links to the official GoogleCloudPlatform GitHub repository for samples. All these are well-known or trusted services.
  • [COMMAND_EXECUTION]: Code samples include standard package management commands like pip install, npm install, go get, and dotnet add package. An experimental section for MCP (Model Context Protocol) demonstrates using npx to run a weather tool. These are documented as part of the SDK setup and usage patterns.
  • [DATA_EXFILTRATION]: The skill provides instructions for authenticating via Google Cloud's Application Default Credentials (ADC) and API keys. It encourages the use of environment variables rather than hardcoding. There are no patterns suggesting unauthorized extraction of these credentials.
  • [REMOTE_CODE_EXECUTION]: The skill documents the Code Execution tool, which allows the Gemini model to generate and run Python code for computations. It also demonstrates how to connect to external tools via Function Calling and Search Grounding. These are legitimate features of the Vertex AI platform designed for agentic workflows.
  • [DATA_EXPOSURE]: The skill demonstrates handling various data types, including local files, Google Cloud Storage (gs://) URIs, and YouTube videos. This represents a surface for indirect prompt injection where instructions could be embedded in the data being processed. However, the skill provides documentation on safety filters and responsible AI thresholds to mitigate such risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 11:24 AM