pp-cloud-run-admin
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions and metadata to install CLI and MCP binaries from the vendor's own repositories using
npxandgo install(e.g.,github.com/mvanhorn/printing-press-library).- [DATA_EXFILTRATION]: Thecloud-run-admin-pp-clitool includes a--deliver webhook:<url>flag that allows command results to be transmitted to external URLs via HTTP POST. It also includes a feedback mechanism that can be configured to send data to a remote endpoint.- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using a custom binary to interact with the Cloud Run Admin API.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes resource metadata from Google Cloud Run which could contain malicious instructions. Ingestion points:services list,sync, andsearchcommands inSKILL.md. Boundary markers: Absent. Capability inventory: Administrative shell command execution and network data delivery via thecloud-run-admin-pp-clibinary. Sanitization: None mentioned.
Audit Metadata