Skills
skills/zebbern/secops-cli-guides/Cloud Penetration Testing/Gen Agent Trust Hub

Cloud Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (LOW): The skill utilizes a piped command execution pattern (curl | bash) to download and run a script from https://sdk.cloud.google.com. While this execution method is high-risk by nature, the source domain belongs to Google, which is a trusted organization under the [TRUST-SCOPE-RULE]. Consequently, the finding is downgraded from CRITICAL to LOW.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill initiates a network request to fetch external installation scripts. Since the destination is a verified trusted source, this is categorized as a low-risk informational finding.
  • [COMMAND_EXECUTION] (LOW): The skill uses shell commands to invoke installers. This behavior is expected for environment setup tasks involving trusted vendor SDKs.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://sdk.cloud.google.com - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 07:47 AM