google-cloud-configs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The 'setup-bigquery-ml.sh' and 'setup-vertex-ai.sh' scripts create a significant surface for Indirect Prompt Injection.
  * Ingestion points: Variables 'PROJECT_ID', 'DATASET_NAME', and 'BUCKET_NAME' are read directly from user or agent input via the 'read' command.
  * Boundary markers: Absent; no delimiters are used to wrap external data.
  * Capability inventory: The scripts execute powerful CLI tools (gcloud, bq, gsutil) and modify files using 'sed' and unquoted heredocs.
  * Sanitization: Absent; variables are interpolated directly into shell commands and heredoc blocks without validation.
- [COMMAND_EXECUTION] (HIGH): Lack of input sanitization in the bash scripts enables arbitrary command execution. An attacker who controls the values read into these variables could supply shell metacharacters and cause unintended commands to run on the host.
- [CREDENTIALS_UNSAFE] (LOW): Includes a GCP service account template ('templates/gcp_auth.json'). Although it contains only placeholders, it encourages storing credentials locally, which requires careful handling to avoid exposure.
Recommendations
- AI detected serious security threats