gcloud
Fail
Audited by Snyk on Mar 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed secrets or passwords directly in commands (e.g., echo -n "my-secret-value" | gcloud secrets create ..., gcloud sql users create ... --password=PASSWORD, --set-env-vars with plaintext), which would require the agent to include secret values verbatim in output.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's one-time setup explicitly downloads and extracts the Google Cloud SDK from https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz and runs its install.sh, which fetches and executes remote code that the skill depends on.