developing-genkit-go

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Genkit CLI installation script from cli.genkit.dev (e.g., curl -sL cli.genkit.dev | bash in SKILL.md).
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded CLI installation script directly in the shell. This is a standard but high-privilege operation for developer tooling.
  • [PROMPT_INJECTION]: The skill documents patterns for interpolating untrusted user data directly into AI prompts, which creates an indirect prompt injection surface.
      • Ingestion points: Untrusted data enters the agent context through flow arguments (e.g., topic in jokeFlow in SKILL.md) and prompt input types (e.g., JokeRequest in references/prompts.md).
      • Boundary markers: Examples do not include boundary markers or explicit instructions to ignore embedded commands in the user-provided data.
      • Capability inventory: The skill uses genkit.GenerateText, genkit.Generate, and genkit.DefineTool, which can perform actions based on the potentially injected instructions.
      • Sanitization: The examples show no sanitization or validation of the input variables before they are interpolated into the prompt string.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:18 PM