skills/jeo-tech-ai/oh-my-gods/genkit/Gen Agent Trust Hub

genkit

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the Genkit CLI and a wide range of model and database plugins from official package registries and domains.
  • [REMOTE_CODE_EXECUTION]: Installation steps include fetching a setup script from cli.genkit.dev and piping it directly to the bash shell for execution.
  • [COMMAND_EXECUTION]: The skill uses local command execution to start a developer environment, open a local dashboard at localhost:4000, and execute AI flows using npx and tsx.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by accepting user-provided strings in flows that are subsequently processed by LLMs with tool-calling permissions.
      * Ingestion points: Input schemas for summarizeFlow, streamingFlow, agentFlow, and ragFlow defined in SKILL.md.
      * Boundary markers: User inputs are interpolated into prompts without the use of dedicated delimiters or specific instructions to ignore embedded commands.
      * Capability inventory: The skill enables the use of tools like searchWeb and getWeather, which can be invoked by the model based on processed content.
      * Sanitization: While structure is enforced by Zod schemas, the natural language content of inputs is not sanitized for malicious instruction patterns.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 06:59 AM