gcp-cloud-run

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill creates an attack surface for indirect prompt injection by processing untrusted external data.
      1. Ingestion points: 'req.params' and 'req.body' (src/index.js), and 'cloudEvent.data' (index.js).
      2. Boundary markers: Absent in the provided templates.
      3. Capability inventory: The code includes 'res.json' (src/index.js), 'res.send' (index.js), and placeholder business logic 'processMessage' and 'getItem'.
      4. Sanitization: No sanitization or validation of input data is performed before processing or returning it to the user.
  • [COMMAND_EXECUTION] (LOW): Deployment scripts in 'cloudbuild.yaml' and 'bash' snippets use the '--allow-unauthenticated' flag, which makes the deployed services reachable from the public internet. This can lead to accidental exposure of sensitive internal logic or data.
  • [EXTERNAL_DOWNLOADS] (INFO): The templates reference standard Node.js packages and Docker base images ('node:20-slim', 'gcr.io/distroless/nodejs20-debian12') from trusted Google Cloud and public registries.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:45 PM