Qa Gate Gcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GCP pre-production QA validator, but it should be used only against staging or disposable environments because it can run tests, use cloud credentials, and send LLM samples to OpenRouter.

Install only if you intend to run QA against a staging, disposable, or otherwise isolated GCP environment. Use least-privilege GCP service accounts, review the gcp-fullstack dependency, inspect generated scripts before running them, avoid production data, and assume LLM evaluation prompts/outputs may be sent to OpenRouter or its upstream model provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium (89% confidence)
Finding
The manifest requests broad filesystem and network permissions while also requiring credential-related environment variables such as OPENROUTER_API_KEY and GOOGLE_APPLICATION_CREDENTIALS, but it provides no in-file disclosure of how those sensitive capabilities will be used. In a skill that performs QA against GCP services, these permissions may be functionally necessary, but the lack of explicit warning and scope limitation increases the risk of unintended secret exposure, over-collection, or misuse if the skill is modified or behaves unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
