gcp-cloud-run
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): References official Google container images (gcr.io/cloud-builders) and standard Node.js slim/distroless images from trusted registries.
- [COMMAND_EXECUTION] (LOW): Includes deployment instructions using the '--allow-unauthenticated' flag. While this is standard for public-facing serverless components, it is a security configuration choice that grants public access.
- [INDIRECT_PROMPT_INJECTION] (INFO): The provided code templates ingest data from HTTP requests and Pub/Sub messages. The templates use this data for display (logging or greetings), which constitutes a Tier INFO surface with negligible risk in its current form.
Audit Metadata