gcloud-cli

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installation instructions in SKILL.md describe fetching the Google Cloud SDK from an official Google domain (https://sdk.cloud.google.com) and executing it via bash. This is a standard procedure for a well-known service provider.
  • [COMMAND_EXECUTION]: The scripts/main.cjs file uses child_process.spawn to run gcloud commands. It correctly implements shell: false to prevent shell injection, though it allows any subcommand the user has authorized in their environment.
  • [PROMPT_INJECTION]: The skill defines a "Memory Protocol" in SKILL.md that instructs the agent to persist data to local files in the .claude/context/memory/ directory. While intended for state management, this could be exploited if an attacker provides malicious content that the agent then saves as persistent instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:04 PM