gcp-examples-expert
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture by explicitly instructing the agent to use Google Cloud Secret Manager for credentials and to apply IAM least-privilege service accounts in all generated examples.
- [EXTERNAL_DOWNLOADS]: The skill references several official GitHub repositories from the Google Cloud Platform and Firebase organizations, as well as the installation of common development tools like
firebase-tools. These resources are provided by well-known and trusted technology companies. - [COMMAND_EXECUTION]: A utility script (
scripts/create-example.sh) is included to scaffold local project structures. The script uses standard shell commands with appropriate quoting to create files like Dockerfiles and application boilerplate, facilitating legitimate development tasks. - [PROMPT_INJECTION]: The skill facilitates the generation of code based on user requests, which represents an indirect prompt injection surface. The instructions mitigate this risk by requiring the integration of safety filters and Model Armor in the production-ready outputs it generates.
Audit Metadata