google-cloud-recipe-networking-observability
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- Standard Tool Usage: The skill utilizes official Google Cloud tools such as
gcloud,bq, and MCP servers (Cloud Logging, BigQuery, Monitoring). These tools are used for their intended purpose of resource discovery and data analysis within the Google Cloud ecosystem. - Authentication and Authorization: Documentation within the skill references standard authentication methods, such as
gcloud auth print-access-token, for interacting with the Google Cloud Monitoring API. This relies on the existing security context of the environment. - Operational Boundaries: The
SKILL.mdfile defines clear constraints that prevent the agent from excessive exploration and explicitly bans the use of local shell scripts or Python files. This design choice minimizes the risk of executing unauthorized local code. - Query Transparency: The skill mandates that generated SQL queries be printed for review before execution, providing a human-in-the-loop check for data retrieval operations.
- Data Handling: While the skill processes external telemetry data (logs and metrics), its instructions are focused on retrieval and presentation. There are no patterns suggesting the execution or exfiltration of sensitive data to non-authorized domains.
Audit Metadata