skills/jeremylongshore/claude-code-plugins-plus-skills/pubsub-subscription-config/Gen Agent Trust Hub
pubsub-subscription-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external configuration data for GCP Pub/Sub and has a high-privilege capability inventory including 'Bash(gcloud:*)', 'Write', and 'Edit' tools. This creates a vulnerability where malicious instructions embedded in configuration files or user requests could trigger unauthorized GCP resource modifications. \n
- Ingestion points: User prompts and configuration data related to 'pubsub subscription config'. \n
- Boundary markers: Absent; the skill does not define delimiters to separate instructions from data. \n
- Capability inventory: 'Bash(gcloud:*)', 'Write', 'Edit' (defined in SKILL.md frontmatter). \n
- Sanitization: Absent; no logic is specified to filter or validate input before passing it to tools.\n- Command Execution (HIGH): The skill explicitly requests wildcard access to the 'gcloud' utility. While necessary for its stated purpose, this privilege level allows for significant side effects if the agent is misled by malicious input.\n- No Code (INFO): The skill contains only metadata and descriptive text, providing no executable logic of its own, making it entirely dependent on the agent's interpretation of its broad tool permissions.
Recommendations
- AI detected serious security threats
Audit Metadata