skills/jeremylongshore/claude-code-plugins-plus-skills/cloud-scheduler-job-creator/Gen Agent Trust Hub
cloud-scheduler-job-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection as it ingests untrusted user requests to perform actions with high-privilege tools.
- Ingestion points: User requests triggered by phrases like "Help me with cloud scheduler job creator" (SKILL.md).
- Boundary markers: Absent. There are no instructions to the agent to ignore embedded commands or treat user input as data only.
- Capability inventory: Access to
Bash(gcloud:*),Write, andEdittools (SKILL.md). - Sanitization: Absent. No validation or filtering logic is provided to ensure generated gcloud commands are restricted to job creation.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests overly broad permissions using a wildcard in the bash tool.
- Evidence:
allowed-tools: Bash(gcloud:*)in SKILL.md. This allows the agent to execute any gcloud command, including deleting projects, modifying IAM policies, or exfiltrating data, which exceeds the least-privilege requirements for simply creating scheduler jobs.
Recommendations
- AI detected serious security threats
Audit Metadata