devops
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (LOW): The skill documentation (SKILL.md) suggests installing the Google Cloud SDK via 'curl https://sdk.cloud.google.com | bash'. While piped execution is a critical pattern, the use of an official, trusted domain for the primary purpose of the skill warrants a downgrade to LOW severity.
- COMMAND_EXECUTION (LOW): The 'scripts/cloudflare_deploy.py' utility uses 'subprocess.run' to interact with the wrangler CLI. This is a core functionality for a DevOps skill, and since it uses structured argument lists rather than shell strings, the injection risk is minimized.
- PROMPT_INJECTION (LOW): Examples in 'references/browser-rendering.md' demonstrate taking a URL from a user-provided search parameter for use in 'page.goto()'. This is an indirect prompt injection surface. Evidence: (1) Ingestion point: references/browser-rendering.md (via URL search params), (2) Boundary markers: Absent in code examples, (3) Capability: Network access and page content extraction via Puppeteer, (4) Sanitization: Not implemented in the example snippet.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on external tools like Wrangler, Docker, and GCloud, and references external container images and packages. These are standard dependencies for the skill's intended purpose.
Recommendations
- HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata