auditing-gcp-iam-permissions

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection as it ingests and processes untrusted metadata from GCP IAM policies.
      • Ingestion points: GCP IAM policy data, resource display names, and identity emails retrieved from the Asset and IAM APIs in SKILL.md and scripts/agent.py.
      • Boundary markers: None. The output is provided as raw text or JSON results without delimiters or instructions for the agent to ignore embedded commands.
      • Capability inventory: The script performs read-only IAM queries and writes findings to a local report file.
      • Sanitization: None. Data fetched from the cloud environment is not sanitized or escaped before being included in the final output.
  • [COMMAND_EXECUTION]: The skill relies on legitimate gcloud CLI commands and inline Python scripts for querying IAM status and parsing results. This functionality is essential for the cloud auditing purpose and uses standard system binaries.
  • [EXTERNAL_DOWNLOADS]: The skill requires official Google Cloud client libraries (google-cloud-asset, google-cloud-iam, google-cloud-resource-manager). These are well-known, trusted dependencies from an established vendor.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 03:56 PM