google-developer-knowledge-api
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script 'scripts/developer_knowledge_client.py' uses 'subprocess.run' to execute the 'gcloud' CLI. This is used strictly for obtaining authentication tokens via a static argument list. Evidence: '_get_access_token' method calling 'gcloud auth application-default print-access-token'.\n- [DATA_EXFILTRATION] (LOW): The client performs network requests to 'developerknowledge.googleapis.com'. While this domain is not on the predefined whitelist, it is a legitimate Google API service. No sensitive local files (e.g., SSH keys, .env) are targeted for exfiltration.\n- [PROMPT_INJECTION] (LOW): The skill ingests external documentation content, creating an indirect prompt injection surface (Category 8).\n
- Ingestion points: API responses fetched in 'scripts/developer_knowledge_client.py' through 'get_document' and 'search' methods.\n
- Boundary markers: None identified in the script logic to delimit external content from system instructions.\n
- Capability inventory: 'subprocess.run' (authentication) and 'urllib.request' (fetching documentation content).\n
- Sanitization: No explicit sanitization or filtering of the fetched markdown content was identified.\n- [EXTERNAL_DOWNLOADS] (INFO): The documentation recommends the installation of 'google-auth' and 'google-auth-httplib2'. These are trusted packages from a verified organization (Google), satisfying the [TRUST-SCOPE-RULE].
Audit Metadata