cloud-resources
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill relies on natural language workflows to execute cloud commands (e.g., 'Check why service A cannot connect to B'). It lacks structured data schemas or input validation, creating a major vulnerability where a user could inject malicious strings into variables like `<instance-name>` or `<bucket-name>` to execute unauthorized gcloud flags or secondary shell commands.
- [COMMAND_EXECUTION] (HIGH): The core functionality of the skill is to execute system-level CLI commands. The skill explicitly requests administrative permissions (`roles/compute.instanceAdmin`, `roles/storage.admin`, `roles/iam.securityReviewer`), which would allow an agent to delete infrastructure, modify firewall rules, or alter access control policies under the control of potentially malicious prompts.
- [DATA_EXFILTRATION] (MEDIUM): Multiple commands provided (e.g., `get-serial-port-output`, `iam get-policy`, `storage objects describe`) are capable of retrieving sensitive environmental data, boot logs containing credentials, and security configurations. An attacker could leverage these to perform reconnaissance and exfiltrate the internal architecture of the cloud environment.
- [CREDENTIALS_UNSAFE] (LOW): The skill hardcodes a specific project ID (`srpproduct-dc37e`) throughout the documentation and environment variable sections. While a project ID is not a secret, hardcoding target identifiers in a reusable skill is a poor security practice and can lead to accidental targeting of specific production environments.
Recommendations
- AI detected serious security threats
Audit Metadata