implementing-gcp-binary-authorization

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts (scripts/agent.py and scripts/process.py) and the primary documentation (SKILL.md) use the gcloud CLI to manage security policies and attestations. This behavior is necessary for the skill's functionality and follows best practices by using argument lists in subprocess.run to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with official Google Cloud APIs (containeranalysis.googleapis.com) using curl to create Container Analysis notes. These are well-known services and the interaction is limited to standard administrative tasks.
  • [DATA_EXPOSURE]: Documentation includes 'break-glass' procedures for emergency deployments. These are standard features of Binary Authorization intended for incident response and are appropriately documented as high-privilege emergency overrides.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:33 PM