validator-expert

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed as a security auditor and follows safe practices, such as verifying encryption and least-privilege IAM roles.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gcloud CLI commands. These operations are intended for inspecting cloud infrastructure metadata (e.g., gcloud ai agents describe, gcloud projects get-iam-policy) to generate readiness scores.
  • [EXTERNAL_DOWNLOADS]: The skill refers to official documentation and uses the gcloud CLI, which is an established utility from a well-known service provider (Google Cloud).
  • [PROMPT_INJECTION]: The skill processes external configuration data, which presents a surface for indirect prompt injection.
      • Ingestion points: Retrieves IAM policies and logging configurations (scripts/validate-production.sh).
      • Boundary markers: No explicit delimiters or instructions are used to isolate environment data from agent instructions.
      • Capability inventory: The skill utilizes Bash with unrestricted command access (cmd:*) and file access tools.
      • Sanitization: No evidence of validation or sanitization of environment metadata before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 11:29 PM