devops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation and SKILL.md promote executing remote scripts with 'curl | bash' to install the Google Cloud SDK ('curl https://sdk.cloud.google.com | bash'). This pattern is a significant security risk because it allows a remote server to execute arbitrary commands on the host system.
- PROMPT_INJECTION (HIGH): The browser-rendering reference (references/browser-rendering.md) provides a vulnerable code example for an 'AI-Powered Web Scraper'.
  - Ingestion points: page.content() in references/browser-rendering.md.
  - Boundary markers: Absent; the HTML content is appended directly to the model prompt without delimiters.
  - Capability inventory: The Worker has access to env.AI (Workers AI) and env.MYBROWSER (Browser Rendering).
  - Sanitization: None; raw HTML is passed directly to the Llama-3 model, creating a high-risk surface for indirect prompt injection from malicious websites.
- COMMAND_EXECUTION (MEDIUM): The scripts/cloudflare_deploy.py script executes CLI tools such as wrangler using subprocess.run. While the command is constructed as a list to prevent shell injection, execution still depends on the integrity of the local environment and project configuration files.
- EXTERNAL_DOWNLOADS (LOW): The skill requires downloading binaries and libraries from external sources (Google Cloud, npm). Although these are reputable providers, the method of execution (e.g., piped to bash) elevates the risk profile.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://sdk.cloud.google.com - DO NOT USE
- AI detected serious security threats
Audit Metadata