cloud-function-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process user requests for cloud function generation while being granted high-privilege capabilities. Evidence: 1. Ingestion points: User requests triggered by phrases like 'cloud function generator' (SKILL.md). 2. Boundary markers: No delimiters or ignore-instructions found in the skill definitions. 3. Capability inventory: Significant access including 'Write', 'Edit', and 'Bash(gcloud:*)' (SKILL.md). 4. Sanitization: No input validation or sanitization logic is defined.
- [Command Execution] (MEDIUM): The skill requests broad 'gcloud' CLI permissions ('gcloud:*'). This lack of restriction to specific subcommands grants an attacker a wide surface area if the agent is successfully manipulated via injection.
Recommendations
- AI detected serious security threats
Audit Metadata