gke-cluster-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface due to its combination of broad tool permissions and ingestion of untrusted user input.
- Ingestion points: User requests containing phrases like 'gke cluster config' or 'Set up gke cluster config'.
- Boundary markers: None specified in SKILL.md to separate user instructions from system commands.
- Capability inventory: Access to Bash(gcloud:*), Write, and Edit. The gcloud:* wildcard allows any subcommand within the Google Cloud SDK, including identity management, resource deletion, and project configuration.
- Sanitization: No sanitization or validation logic is defined to prevent users from injecting malicious bash flags or additional commands (e.g., command chaining via ';' or '&&') into the gcloud execution path.
- Command Execution (HIGH): The skill explicitly allows Bash(gcloud:*). This permission set is overly permissive as it enables the agent to perform any action the authenticated GCP service account is capable of, extending far beyond the stated purpose of GKE cluster configuration.
Recommendations
- AI detected serious security threats
Audit Metadata