skills/gemini-cli-extensions/data-agent-kit-starter-pack/gcp-pipeline-orchestration/Gen Agent Trust Hub
gcp-pipeline-orchestration
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various gcloud CLI commands to manage Google Cloud resources, including gcloud beta orchestration-pipelines, gcloud composer environments, and gcloud dataproc clusters to validate and deploy pipeline definitions.\n- [COMMAND_EXECUTION]: A local Python script (scripts/trigger/airflow_trigger.py) is executed to interface with the Airflow REST API. This script utilizes Google Application Default Credentials (ADC) for secure, standard authentication with GCP services.\n- [EXTERNAL_DOWNLOADS]: The Python script performs network requests to composer.googleapis.com and dynamically retrieved Airflow URIs. These interactions are limited to well-known, trusted Google Cloud service endpoints required for pipeline triggering.\n- [PROMPT_INJECTION]: The skill processes workspace files such as deployment.yaml and orchestration YAMLs to derive parameters for CLI commands, presenting an indirect prompt injection surface common to configuration management tools.\n
- Ingestion points: deployment.yaml and pipeline-specific YAML files located in the workspace root.\n
- Boundary markers: Absent; the skill extracts values directly for use in command-line arguments.\n
- Capability inventory: Shell command execution via gcloud (defined in SKILL.md) and Python script execution (scripts/trigger/airflow_trigger.py).\n
- Sanitization: Absent; values retrieved from workspace configuration files are interpolated directly into shell command strings.
Audit Metadata