Gen Agent Trust Hub audit: vertex-ai-pipeline-creator
Source: skills/jeremylongshore/claude-code-plugins-plus-skills/vertex-ai-pipeline-creator
Verdict: Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill metadata explicitly allows 'Bash(gcloud:*)' which permits arbitrary Google Cloud CLI commands. This is a high-privilege capability that could be abused if the agent is manipulated into executing commands outside the user's intent.
- PROMPT_INJECTION (HIGH): The skill lacks instructions for sanitizing user input or defining clear boundaries for processed data. An attacker could provide a malicious pipeline definition or GCP configuration that, when processed by this skill, leads the agent to execute unauthorized gcloud commands (Category 8: Indirect Prompt Injection). Evidence:
  1. Ingestion: User requests and pipeline configurations (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash(gcloud:*), Write, Edit (SKILL.md).
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats