accessing-cloud-storage
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture by providing detailed guides on avoiding hardcoded credentials. It promotes the use of Managed Identities, IAM roles, and OIDC federation (Workload Identity) for AWS, Azure, and GCP.
- [SAFE]: Documentation includes patterns for secret leakage prevention, such as pre-commit hooks and the use of 'detect-secrets' to scan for sensitive information.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing standard, well-known data engineering libraries (e.g., fsspec, pyarrow, boto3, polars) from official package registries. It also references the DuckDB 'httpfs' extension, which is a standard plugin for that ecosystem.
- [COMMAND_EXECUTION]: Contains code snippets for legitimate cloud filesystem operations (ls, cp, rm, cat) and CLI authentication commands (az login, gcloud auth, etc.). These operations are necessary for the skill's primary purpose and are implemented using established library APIs.
Audit Metadata