gcp-cloud-run
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [CREDENTIALS_SAFE] (SAFE): The file
references/validations.mdcontains regular expressions (e.g.,AIza[0-9A-Za-z-_]{35}) specifically designed to identify and flag hardcoded GCP service account keys and API keys in user-provided code. No actual secrets or credentials are hardcoded within the skill itself. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to analyze external data (user-provided source code and infrastructure configurations). This creates an ingestion surface for indirect prompt injection. However, based on the provided files, the skill contains no executable scripts, network capabilities, or file-system write operations. The risk is limited to influencing the agent's reasoning within the current session.
- [COMMAND_EXECUTION] (SAFE): No patterns related to subprocess spawning, shell execution, or arbitrary command execution were found in the markdown files.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not define any external dependencies, remote script downloads, or package installations.
Audit Metadata