Skills
skills/cline/skills/dataproc-skills/Gen Agent Trust Hub

dataproc-skills

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts use child_process.spawn to execute commands via npx. This is the primary method for invoking the Dataproc management tools provided by the @toolbox-sdk/server package.
  • [EXTERNAL_DOWNLOADS]: Each script downloads and executes the @toolbox-sdk/server@1.1.0 package from the NPM registry at runtime using the npx --yes command. This is standard behavior for tools leveraging the toolbox-sdk infrastructure.
  • [CREDENTIALS_UNSAFE]: The scripts contain logic to read environment variables from a .env file located three levels above the script directory (../../../.env). This is used to load necessary configuration and credentials for Google Cloud authentication when running in supported CLI environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 12:28 PM
Security Audit — agent-trust-hub — dataproc-skills