gemma-dev
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references models from the 'google' organization on Hugging Face and documentation from official 'ai.google.dev' domains. These are trusted sources for the intended development workflow.
- [COMMAND_EXECUTION]: The provided Python and JavaScript assets demonstrate standard usage of the transformers and google-cloud-aiplatform libraries. No malicious subprocess calls or arbitrary command execution patterns were found.
- [CREDENTIALS_UNSAFE]: The Vertex AI script correctly utilizes environment variables (GOOGLE_CLOUD_PROJECT, etc.) for configuration rather than hardcoding sensitive credentials.
- [PROMPT_INJECTION]: The skill uses established best practices by employing chat templates (tokenizer.apply_chat_template) to process user input, which helps maintain boundaries between instructions and data.
Audit Metadata