gcp-patterns
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and code snippets for Google Cloud Platform (GCP) implementation following industry security standards.
- [SAFE]: Dockerfile instructions follow the principle of least privilege by creating a dedicated non-root user ('app') to run the application.
- [SAFE]: Secret management practices are correctly demonstrated using Cloud Run's integration with Secret Manager ('secretKeyRef', '--set-secrets') rather than hardcoding sensitive data or environment variables.
- [SAFE]: IAM recommendations explicitly advise against overprivileged primitive roles (e.g., 'roles/editor') and promote per-service service accounts with minimal required permissions.
Audit Metadata