gcloud
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill enables the agent to read data from external sources like Cloud Storage (cat/cp), Secret Manager (access latest), and Cloud Logging (read/tail). If an attacker can write to these cloud resources, they could potentially embed malicious instructions for the agent.
- Ingestion points: `storage.md` (gcloud storage cat), `iam.md` (gcloud secrets versions access), `compute.md` (gcloud logging read), and `data.md` (bq head).
- Boundary markers: Absent; the skill relies on standard command output without specific delimiters to isolate untrusted data.
- Capability inventory: High; the skill includes commands for resource deletion, IAM policy modification, firewall configuration, and service deployment.
- Sanitization: Absent; there are no instructions for the agent to validate or sanitize content retrieved from the cloud environment.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill suggests installation via the `scoop` package manager and references Google-maintained GitHub Actions.
- Evidence: `scoop install gcloud` in `SKILL.md` and `google-github-actions/auth@v2` in `automation.md`.
- [TRUST-SCOPE-RULE]: Google and its associated repositories are trusted organizations, and scoop is a standard tool for the platform, downgrading the download finding to LOW/INFO.