gke-golden-path
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- Standardized Security Configuration: The skill defines a "Golden Path" for GKE clusters, emphasizing secure defaults. This includes disabling insecure RBAC bindings, enabling Shielded Nodes for boot integrity, and using Workload Identity to manage service permissions.
- Sensitive Data Protections: The instructions explicitly include guardrails against requesting or outputting secrets such as tokens or service account keys. It recommends using Secret Manager with automated rotation enabled by default.
- Network Security Best Practices: The configuration defaults to private clusters with private nodes and authorized network enforcement, reducing the cluster's exposure to the public internet.
- Data Handling: The skill uses project-specific discovery via standard platform tools (MCP or gcloud) rather than asking users to provide potentially sensitive project identifiers manually.
Audit Metadata