Vision Sandbox
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits image content and user-defined prompts to Google's Gemini API endpoints. This behavior is the primary function of the tool and targets a well-known service.
- [COMMAND_EXECUTION]: The script configures the Gemini model to utilize its native code execution sandbox. This functionality allows the AI to run Python code within Google's cloud infrastructure to perform spatial calculations, ensuring no code from the model is executed on the local host machine.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its handling of untrusted data inputs.
  - Ingestion points: Prompts and image data are ingested via command-line arguments and processed in scripts/vision_executor.py.
  - Boundary markers: No explicit boundary markers or isolation instructions are used when passing the prompt and image to the model.
  - Capability inventory: The script includes functionality to write output images (.png) to the current directory based on model response data.
  - Sanitization: No sanitization is performed on the input prompt or the model's textual output.
- [SAFE]: The project follows security best practices by retrieving sensitive credentials from the GEMINI_API_KEY environment variable. All identified network and file system operations are consistent with the skill's documented purpose.
Audit Metadata