devops
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill instructs users to install the Google Cloud SDK using 'curl https://sdk.cloud.google.com | bash' in SKILL.md and references/gcloud-platform.md. This pattern is typically CRITICAL, but the domain is a trusted Google source, which downgrades the finding severity to LOW per [TRUST-SCOPE-RULE].
- Privilege Escalation (MEDIUM): Installation instructions for Google Cloud CLI on Linux systems (references/gcloud-platform.md) involve 'sudo apt-get install'. While 'sudo' usage is classified as HIGH severity, the verdict is dropped one level to MEDIUM because it is associated with the primary intended purpose of a DevOps skill.
- Indirect Prompt Injection (LOW): The script scripts/cloudflare_deploy.py reads input from wrangler.toml to determine worker names for deployment. This represents a potential surface for indirect injection if project files are compromised.
  - Ingestion points: scripts/cloudflare_deploy.py reads wrangler.toml.
  - Boundary markers: None present.
  - Capability inventory: subprocess.run executes shell commands in scripts/cloudflare_deploy.py.
  - Sanitization: Basic string stripping of quotes in get_worker_name.
- External Downloads (LOW): The skill references several external packages and tools including 'wrangler', 'hono', and AWS SDKs. These are standard, reputable industry tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata