Cloud Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (LOW): The skill performs remote script execution by piping a curl command directly into bash:
curl https://sdk.cloud.google.com | bash. While this pattern is typically classified as a high-risk Category 4 finding, the source domain (sdk.cloud.google.com) belongs to Google, which is an explicitly Trusted External Source. Per the [TRUST-SCOPE-RULE], findings involving trusted organizations are downgraded to LOW severity. - EXTERNAL_DOWNLOADS (LOW): The skill initiates a network download from a trusted external domain to install required tooling. Since the destination is a trusted source and is not combined with sensitive data access, it is considered low risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata