{"id":51473156,"url":"https://github.com/gemini-cli-extensions/google-cloud-storage","last_synced_at":"2026-07-08T16:01:42.876Z","repository":{"id":362383151,"uuid":"1216087888","full_name":"gemini-cli-extensions/google-cloud-storage","owner":"gemini-cli-extensions","description":"Official Google Cloud Storage Skills Repo","archived":false,"fork":false,"pushed_at":"2026-06-15T23:17:18.000Z","size":95,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-06-16T00:15:07.108Z","etag":null,"topics":["antigravity","claude-code","codex","gcs","gemini-cli","google","google-cloud","google-cloud-storage","google-skills","skills"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gemini-cli-extensions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-20T14:54:43.000Z","updated_at":"2026-06-15T23:06:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gemini-cli-extensions/google-cloud-storage","commit_stats":null,"previous_names":["gemini-cli-extensions/google-cloud-storage"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gemini-cli-extensions/google-cloud-storage","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gemini-cli-extensions%2Fgoogle-cloud-storage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gemini-cli-extensions%2Fgoogle-cloud-storage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gemini-cli-extensions%2Fgoogle-cloud-storage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gemini-cli-extensions%2Fgoogle-cloud-storage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gemini-cli-extensions","download_url":"https://codeload.github.com/gemini-cli-extensions/google-cloud-storage/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gemini-cli-extensions%2Fgoogle-cloud-storage/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35270196,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-08T02:00:06.796Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antigravity","claude-code","codex","gcs","gemini-cli","google","google-cloud","google-cloud-storage","google-skills","skills"],"created_at":"2026-07-06T20:00:39.735Z","updated_at":"2026-07-08T16:01:42.862Z","avatar_url":"https://github.com/gemini-cli-extensions.png","language":"Python","funding_links":[],"categories":["Cloud and Infrastructure"],"sub_categories":[],"readme":"# Google Cloud Storage Skills\n\n[![Install via skills.sh](https://img.shields.io/badge/skills.sh-install-green)](https://skills.sh/gemini-cli-extensions/google-cloud-storage)\n\nThis repository contains [Agent Skills](https://agentskills.io/home) for\n[Google Cloud Storage](https://cloud.google.com/storage). These skills deliver\nvetted GCS expertise directly into your coding agent, letting you use natural\nlanguage prompts in your preferred CLI or IDE to work with your storage\nresources.\n\n\u003e [!NOTE]\n\u003e This repository is under active development. More skills will be added\n\u003e over time.\n\n\u003e [!IMPORTANT]\n\u003e **We Want Your Feedback!** Please share your thoughts with us by\n\u003e opening an issue on\n\u003e [GitHub](https://github.com/gemini-cli-extensions/google-cloud-storage/issues).\n\u003e Your input is invaluable and helps us improve the project for everyone.\n\n## Contents\n\n-   [Installation](#installation)\n-   [Available Skills](#available-skills)\n-   [Prerequisites](#prerequisites)\n-   [GCS Security Assessment Skill](#gcs-security-assessment-skill)\n    -   [Required Permissions](#required-permissions)\n    -   [Authentication](#authentication)\n    -   [Usage Examples](#usage-examples)\n-   [Security Reminder: Agent Environment Hardening](#security-reminder-agent-environment-hardening)\n-   [Support](#support)\n-   [Contributing](#contributing)\n-   [License](#license)\n\n## Installation\n\n```bash\nnpx skills add gemini-cli-extensions/google-cloud-storage\n```\n\nFrom the `npx` install command, you can select the specific skills from this\nrepo to install. The skills work with any compatible coding agent, including\nGemini CLI, Claude Code, Codex, and Antigravity CLI.\n\n## Available Skills\n\n-   [**GCS Security Assessment**](#gcs-security-assessment-skill) — Assesses the\n    security posture of Google Cloud Storage projects and buckets, identifying\n    toxic combinations of vulnerabilities and checking SAIF compliance.\n\n## Prerequisites\n\nEnsure you have the following:\n\n*   **A Google Cloud project** with the resources you want to work with.\n*   **Google Cloud SDK (gcloud CLI):**\n    [Install and initialize](https://cloud.google.com/sdk/docs/install) the\n    gcloud CLI and ensure\n    [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/provide-credentials-adc)\n    are configured.\n*   **A compatible coding agent**, such as Gemini CLI, Claude Code, Codex, or\n    Antigravity CLI.\n\n## GCS Security Assessment Skill\n\nThe GCS Security Assessment skill is grounded in Google's\n[Secure AI Framework (SAIF)](https://saif.google/secure-ai-framework/saif-map).\nRather than emitting isolated static alerts, it correlates real telemetry\nsignals gathered from your project to surface **toxic combinations** of\nvulnerabilities—scenarios where individually low-risk configurations combine to\ncreate a critical exposure—and provides actionable, verified remediation.\n\n\u003e [!TIP]\n\u003e For the best analysis, we highly recommend being a\n\u003e [Storage Intelligence](https://docs.cloud.google.com/storage/docs/storage-intelligence/overview)\n\u003e customer. When Storage Intelligence is enabled, the skill can query your\n\u003e Storage Insights datasets to perform deep, bucket-level and object-level\n\u003e assessments. Without it, the skill falls back to a project-level assessment\n\u003e only.\n\n### Required Permissions\n\nThe only hard requirement is working **Application Default Credentials** (see\n[Authentication](#authentication)). There is no required IAM permission—any\nauthenticated identity can run the skill, though signals it cannot read are\nreported as `UNKNOWN`.\n\nFor a complete assessment, grant the recommended **read-only** roles covering\nStorage Insights telemetry (bucket/object analysis) and project-level posture\n(IAM and audit config, org policies, VPC Service Controls, and Model Armor). See\n**[PERMISSIONS.md](./PERMISSIONS.md)** for the full permission tables and a\nready-to-apply custom IAM role\n([`gcs-security-assessment-role.yaml`](./gcs-security-assessment-role.yaml)).\n\n### Authentication\n\nBefore running an assessment, authenticate with Google Cloud so the agent can\nread your project telemetry and run any remediation you approve. It is\nrecommended to run **both** of the following commands:\n\n```bash\ngcloud auth login\ngcloud auth application-default login\n```\n\n*   **`gcloud auth application-default login`** is **required**: the skill's\n    scripts use Application Default Credentials (ADC) to generate access tokens\n    for GCP API calls.\n*   **`gcloud auth login`** allows the agent (or you) to run standard `gcloud`\n    commands to explore configurations or dig deeper into specific resources\n    beyond what the skill scripts cover.\n\n### Usage Examples\n\nInteract with your coding agent using natural language:\n\n*   **Assess an entire project:** `Assess the security posture of project\n    [PROJECT_ID]`\n*   **Assess a specific subset of buckets:** `Assess the security posture of\n    buckets [BUCKET_1], [BUCKET_2] in project [PROJECT_ID]`\n*   **Follow-up investigation:** After an assessment, ask the agent to drill\n    into a finding—for example, \"Explain why the `ml-training-data` bucket is\n    flagged as a toxic combination\" or \"Show me the exact command to remediate\n    the public access finding.\"\n\nThe agent works through a fixed, auditable sequence of phases—discovering scope\nand gathering telemetry, classifying buckets, evaluating baseline security,\nanalyzing toxic combinations, and producing a formatted report—so you can trace\nevery finding back to a signal it actually collected.\n\n## Security Reminder: Agent Environment Hardening\n\nYour agent can execute tools and commands on your behalf. Protect your Google\nCloud resources by enforcing **The Principle of Least Privilege** across all\nCLIs, MCP servers and other resources available to your agents.\n\n*   **Service Accounts:** Use\n    [service accounts](https://docs.cloud.google.com/docs/authentication/use-service-account-impersonation)\n    instead of end user credentials to access Google Cloud resources.\n*   **Limited Permissions:** Assign roles with\n    [limited permissions](https://docs.cloud.google.com/iam/docs/roles-overview)\n    to the service account that you're using for authentication.\n*   **Principal Access Boundaries:** Prevent unwanted cross-org agent access by\n    using\n    [Principal Access Boundary policies](https://docs.cloud.google.com/iam/docs/principal-access-boundary-policies#use-case-one-project)\n    to scope your agent to projects you intend it to access.\n*   [Include a condition in the policy binding](https://docs.cloud.google.com/iam/docs/principal-access-boundary-policies#use-case-one-project)\n    to ensure that the policy only applies to the service accounts that you\n    intend to restrict.\n\nYou can read more\n[here](https://docs.cloud.google.com/data-cloud-extension/vs-code/prompt-injection-risk)\non how to mitigate prompt injection attacks with Google Cloud MCP.\n\n## Support\n\nIf you need help or encounter issues with these skills, search for existing\nissues or open a new one in the\n[GitHub Issue Tracker](https://github.com/gemini-cli-extensions/google-cloud-storage/issues).\n\n## Contributing\n\nWe welcome contributions to improve these skills. You can help by:\n\n*   [Reporting bugs or inaccuracies](https://github.com/gemini-cli-extensions/google-cloud-storage/issues)\n    in the skill files.\n*   Suggesting new skills to add to this repository by filing a feature request.\n\n## License\n\nYou are free to copy, modify, and distribute these skills under the terms of the\nApache 2.0 license. See the `LICENSE` file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgemini-cli-extensions%2Fgoogle-cloud-storage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgemini-cli-extensions%2Fgoogle-cloud-storage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgemini-cli-extensions%2Fgoogle-cloud-storage/lists"}