
google-cloud-mcp

Verified Safe

by bassa01

Overview

Provides a Model Context Protocol (MCP) server that connects to Google Cloud services to offer context and tools for interacting with various Google Cloud resources.

Installation

Run Command
npx tsx src/index.ts

Environment Variables

  • GOOGLE_APPLICATION_CREDENTIALS
  • GOOGLE_CLOUD_PROJECT
  • MCP_ENABLED_SERVICES
  • LAZY_AUTH
  • SPANNER_INSTANCE
  • SPANNER_DATABASE
  • BIGQUERY_LOCATION
  • LOG_PAYLOAD_FULL_ACCESS_ROLES
  • LOG_ANALYTICS_LOCATION
  • LOG_ANALYTICS_BUCKET
  • LOG_ANALYTICS_VIEW
  • GOOGLE_CLOUD_DOCS_CATALOG
  • DEBUG
  • LOG_LEVEL
  • NODE_ENV

Security Notes

The server integrates with the Google Cloud CLI (`gcloud`), which is inherently a high-risk operation. However, the codebase implements robust guardrails to mitigate this risk, including:

  1. A strict read-only policy for `gcloud` commands, blocking mutable verbs (e.g., `create`, `delete`, `update`) and sensitive prefixes (e.g., `iam`, `secret-manager`, `kms`).
  2. Enforcement of service account identity for `gcloud` commands, preventing execution with personal credentials.
  3. Comprehensive read-only assertion for SQL queries in BigQuery and Spanner, explicitly denying destructive statements (`INSERT`, `UPDATE`, `DELETE`, `DROP`, `ALTER`, `CREATE`).
  4. Log redaction policies to scrub sensitive data (IPs, user identifiers, request bodies) from Logging outputs unless explicitly authorized by roles.
  5. General input sanitization and rate-limiting via an `McpSecurityValidator`.

While the `gcloud` CLI integration remains a potential vector, the implemented policies significantly reduce its exploitability. No obvious hardcoded secrets or `eval` misuse were found.

Stats

  • Interest Score: 0
  • Security Score: 8
  • Cost Class: Medium
  • Avg Tokens: 2000
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-11-19

Tags

  • Google Cloud
  • MCP
  • Node.js
  • Observability
  • Cloud Management