devops

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (LOW): The skill uses curl https://sdk.cloud.google.com | bash to install the Google Cloud SDK. This is a piped execution of a remote script. Severity is downgraded to LOW as Google is a trusted source per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Application files like package.json, Dockerfile, and project source code. 2. Boundary markers: Absent in deployment scripts. 3. Capability inventory: High-privilege execution of npm install, docker build, and gcloud deploy. 4. Sanitization: No validation of input file contents before execution. Malicious instructions embedded in processed code could hijack the agent's high-privilege session.
  • COMMAND_EXECUTION (HIGH): The skill provides logic for running powerful system commands across multiple platforms, which can modify infrastructure and access sensitive environments.
  • EXTERNAL_DOWNLOADS (LOW): Fetches the wrangler CLI via npm install -g, a standard operation from a public repository.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://sdk.cloud.google.com - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:29 PM