Rename security-assessment skill to gcs-security-assessment

PERMISSIONS.md

@@ -4,9 +4,9 @@ This guide documents the Google Cloud IAM permissions used by the skills in this
 repository. All access is **read-only**—the skills never mutate your resources.
 More skills (and their permission requirements) will be added here over time.
 
-## Security Assessment Skill
+## GCS Security Assessment Skill
 
-The Security Assessment skill performs a **read-only** security posture
+The GCS Security Assessment skill performs a **read-only** security posture
 assessment of Google Cloud Storage projects and buckets. It reads bucket and
 object state via Storage Insights → BigQuery and gathers project-level posture
 via REST. It never mutates target resources.

README.md

@@ -23,7 +23,7 @@ resources.
 -   [Installation](#installation)
 -   [Available Skills](#available-skills)
 -   [Prerequisites](#prerequisites)
--   [Security Assessment Skill](#security-assessment-skill)
+-   [GCS Security Assessment Skill](#gcs-security-assessment-skill)
     -   [Required Permissions](#required-permissions)
     -   [Authentication](#authentication)
     -   [Usage Examples](#usage-examples)
@@ -44,7 +44,7 @@ Gemini CLI, Claude Code, Codex, and Antigravity CLI.
 
 ## Available Skills
 
--   [**Security Assessment**](#security-assessment-skill) — Assesses the
+-   [**GCS Security Assessment**](#gcs-security-assessment-skill) — Assesses the
     security posture of Google Cloud Storage projects and buckets, identifying
     toxic combinations of vulnerabilities and checking SAIF compliance.
 
@@ -61,9 +61,9 @@ Ensure you have the following:
 *   **A compatible coding agent**, such as Gemini CLI, Claude Code, Codex, or
     Antigravity CLI.
 
-## Security Assessment Skill
+## GCS Security Assessment Skill
 
-The Security Assessment skill is grounded in Google's
+The GCS Security Assessment skill is grounded in Google's
 [Secure AI Framework (SAIF)](https://saif.google/secure-ai-framework/saif-map).
 Rather than emitting isolated static alerts, it correlates real telemetry
 signals gathered from your project to surface **toxic combinations** of

gcs-security-assessment-role.yaml

@@ -1,5 +1,5 @@
 title: "GCS Security Assessment (Read-Only)"
-description: "Read-only access for the GCS security-assessment skill."
+description: "Read-only access for the GCS Security Assessment skill."
 stage: "GA"
 includedPermissions:
   # Bucket & object assessment (Storage Insights telemetry)

skills/security-assessment/SKILL.md → skills/gcs-security-assessment/SKILL.md

@@ -1,5 +1,5 @@
 ---
-name: security-assessment
+name: gcs-security-assessment
 description: >-
   Assesses security posture, evaluates risks, and checks SAIF compliance for Google Cloud Storage buckets or projects. Use when the user requests security scans, vulnerability checks, or SAIF assessments. Don't use when: The user is asking about non-GCS resources (Compute Engine, GKE, etc.), investigating a
   live production outage, or asking general security questions not tied to a specific project or bucket.

skills/security-assessment/scripts/cloud_rest_helpers_nodeps.py → skills/gcs-security-assessment/scripts/cloud_rest_helpers_nodeps.py

@@ -58,7 +58,7 @@ def bigquery_labels(skill: str, script: str) -> dict[str, str]:
   (https://cloud.google.com/bigquery/docs/labels-intro#requirements).
 
   Args:
-    skill: Identifier for the calling skill (e.g., "security-assessment").
+    skill: Identifier for the calling skill (e.g., "gcs-security-assessment").
     script: Identifier for the calling script (e.g., "fetch-bucket-telemetry").
 
   Returns:
@@ -395,7 +395,7 @@ def get_authorized_session(
   also stamped so requests are billed/quota-attributed to that project.
 
   Args:
-    skill: Identifier for the calling skill (e.g., "security-assessment").
+    skill: Identifier for the calling skill (e.g., "gcs-security-assessment").
     script: Identifier for the calling script (e.g., "fetch-bucket-telemetry").
     project_id: Optional GCP project ID for billing/quota attribution. When
       set, stamped as the ``X-Goog-User-Project`` header on every request.
@@ -469,7 +469,7 @@ def execute_bigquery_query(
     project_id: The GCP project ID.
     payload: The JSON query payload.
     session: Authorized session for REST requests.
-    skill: Identifier for the calling skill (e.g., "security-assessment").
+    skill: Identifier for the calling skill (e.g., "gcs-security-assessment").
     script: Identifier for the calling script (e.g., "fetch-bucket-telemetry").
 
   Returns:

skills/security-assessment/scripts/evaluate_project_security_posture.py → skills/gcs-security-assessment/scripts/evaluate_project_security_posture.py

@@ -25,7 +25,7 @@
 # plane, so it needs a longer timeout than per-region/global Model Armor calls.
 _MODEL_ARMOR_TEMPLATES_TIMEOUT_SECONDS = 30
 
-_SKILL = "security-assessment"
+_SKILL = "gcs-security-assessment"
 _SCRIPT = "evaluate-project-security-posture"
 
 

skills/security-assessment/scripts/fetch_bucket_telemetry.py → skills/gcs-security-assessment/scripts/fetch_bucket_telemetry.py

@@ -9,7 +9,7 @@
 import cloud_rest_helpers_nodeps
 import validation
 
-_SKILL = "security-assessment"
+_SKILL = "gcs-security-assessment"
 _SCRIPT = "fetch-bucket-telemetry"
 
 

skills/security-assessment/scripts/fetch_object_telemetry.py → skills/gcs-security-assessment/scripts/fetch_object_telemetry.py

@@ -9,7 +9,7 @@
 import cloud_rest_helpers_nodeps
 import validation
 
-_SKILL = "security-assessment"
+_SKILL = "gcs-security-assessment"
 _SCRIPT = "fetch-object-telemetry"
 
 

skills/security-assessment/scripts/list_datasets.py → skills/gcs-security-assessment/scripts/list_datasets.py

@@ -14,7 +14,7 @@
 import cloud_rest_helpers_nodeps
 
 _TIMEOUT_SECONDS = 10
-_SKILL = "security-assessment"
+_SKILL = "gcs-security-assessment"
 _SCRIPT = "list-datasets"
 
 

skills/security-assessment/scripts/preflight_permissions.py → skills/gcs-security-assessment/scripts/preflight_permissions.py

@@ -1,4 +1,4 @@
-"""Preflight permission check for the security assessment skill.
+"""Preflight permission check for the GCS security assessment skill.
 
 Probes prerequisites the assessment depends on and emits a structured report.
 Required checks gate the assessment; recommended checks downgrade it to a
@@ -18,7 +18,7 @@
 
 _BIGQUERY_API = "https://bigquery.googleapis.com/bigquery/v2/projects"
 _STORAGE_INSIGHTS_API = "https://storageinsights.googleapis.com/v1/projects"
-_SKILL = "security-assessment"
+_SKILL = "gcs-security-assessment"
 _SCRIPT = "preflight-permissions"
 
 
@@ -341,7 +341,7 @@ def run_preflight(*, project_id: str, dataset_name: str) -> Mapping[str, Any]:
 def main() -> None:
   parser = argparse.ArgumentParser(
       description=(
-          "Preflight permission check for the security assessment skill."
+          "Preflight permission check for the GCS security assessment skill."
       )
   )
   parser.add_argument("--project_id", required=True, help="GCP project ID")