gcp-review
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No direct prompt injection or jailbreak attempts were identified. The instructions are focused on infrastructure auditing and include a 'Prompt Injection Safety Notice' that reinforces the agent's behavior to treat untrusted configuration files as data, mitigating potential indirect injection risks.
- [DATA_EXFILTRATION]: No evidence of data exfiltration. The skill uses restricted tools (Read, Grep, Glob) and lacks network-enabled tools or instructions to transmit data externally. File access is limited to cloud infrastructure-as-code files within the repository.
- [OBFUSCATION]: No obfuscated content, encoded strings, or hidden characters were found in either the primary skill definition or the benchmark checklist.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. External URLs point exclusively to official documentation from trusted sources (Google Cloud, CIS, and HashiCorp).
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted infrastructure-as-code files, it includes robust defensive instructions:
  - Ingestion points: GCP configuration files (.tf, .yaml, .json) located via Glob and Grep in SKILL.md Step 1.
  - Boundary markers: Explicitly defined in the 'Prompt Injection Safety Notice', which warns the agent to disregard directives embedded in configuration content.
  - Capability inventory: Limited to read-only file operations via the Read, Grep, and Glob tools. No tools for network communication, file modification, or command execution are authorized.
  - Sanitization: The skill relies on clear instruction-level boundaries rather than programmatic sanitization.
Audit Metadata