iam-binding-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests user-provided triggers to execute powerful IAM management commands via gcloud.
- Ingestion points: User input triggers defined in 'SKILL.md' (e.g., 'How do I implement iam binding creator?').
- Boundary markers: None identified; there are no explicit instructions to ignore embedded commands in the processed data.
- Capability inventory: Broad bash execution access for 'gcloud:*' as defined in 'allowed-tools'.
- Sanitization: No evidence of sanitization or input validation logic in the skill definition.
- [Command Execution] (SAFE): While the skill requests bash access, the usage is consistent with the stated purpose of managing GCP IAM bindings. No hardcoded malicious command strings or obfuscated scripts were found.
Audit Metadata