The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive local file access were found. The skill explicitly lists 'Storing credentials in code' as an anti-pattern.
[Command Execution] (SAFE): Tool usage is restricted to 'gcloud' commands via the Bash tool, which is necessary for the skill's purpose.
[Obfuscation] (SAFE): No obfuscated strings or hidden characters were detected. Base64 usage in Pub/Sub examples is standard protocol handling.
[Indirect Prompt Injection] (LOW): The skill outlines patterns for processing external data from GCP services. While this creates a potential surface for injection if that data is later used in prompts, the severity is downgraded to SAFE as this behavior is fundamental to the skill's primary purpose of GCP integration.

gcp-expert