googlecloudplatform/cloud-run-agent-architect
ai-ml/dev-signal/.agent/skills/cloud-run-agent-architect/SKILL.md
Automates the generation of Terraform files for a secure Cloud Run deployment of an AI agent.
$ install --global
skillsauthnpx skillsauth add googlecloudplatform/devrel-demos cloud-run-agent-architectInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:59 PM6.7s1 file scanned
SKILL.md
- name:
- cloud-run-agent-architect
- description:
- Automates the generation of Terraform files for a secure Cloud Run deployment of an AI agent.
cloud-run-agent-architect
This skill helps you provision secure, reproducible infrastructure on Google Cloud for your AI agents using Terraform. It follows the "least-privilege" principle and handles Secret Manager integration.
Usage
Ask Antigravity to:
- "Generate Terraform files for my Cloud Run agent"
- "Create a secure service account for my agent"
- "Add my Reddit and Google Docs secrets to Terraform"
Infrastructure Pattern
The generated infrastructure includes:
- Cloud Run Service: Configured with automated secret injection and VPC egress if needed.
- Dedicated Service Account: Granted specific roles like
roles/aiplatform.userandroles/secretmanager.secretAccessor. - Secret Manager: Provisioned for sensitive API keys (e.g.,
REDDIT_CLIENT_ID,DK_API_KEY). - Artifact Registry: A private repository to host the agent's container images.
Terraform Template
Refer to the included resources/main.tf and resources/variables.tf for the standard implementation.
Key IAM Roles
roles/aiplatform.user: To call Vertex AI models.roles/logging.logWriter: To export agent traces.roles/storage.objectAdmin: If the agent saves artifacts (e.g., images to GCS).roles/secretmanager.secretAccessor: To read secrets at runtime.
Related Skills
googlecloudplatform/gcp-agent-sdp-template-factory
devops
VerifiedTrustedCommunity
Standardizes the creation of Sensitive Data Protection (DLP) templates for PII and credential redaction.
260SKILL.mdUpdated Apr 5, 2026
googlecloudplatform/gcp-agent-safety-gatekeeper
development
VerifiedTrustedCommunity
Implements the "Defense-in-Depth" integration pattern in Python (intercepting prompts, parsing filter results).
260SKILL.mdUpdated Apr 5, 2026
googlecloudplatform/gcp-agent-model-armor-shield
testing
VerifiedTrustedCommunity
Configures Model Armor security policies (Prompt Injection, Jailbreak, RAI filters).
260SKILL.mdUpdated Apr 5, 2026
googlecloudplatform/gcp-agent-golden-dataset-builder
tools
VerifiedTrustedCommunity
Assists developers in collecting and structuring a library of diverse examples ("Golden Dataset") required for data-driven evaluation, including tool trajectories.
260SKILL.mdUpdated Apr 5, 2026