gemini-3-image-prompt
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious patterns or attempts to override system safety guidelines were detected. The skill uses structured prompts to guide user interaction toward legitimate image prompt engineering.
- [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were found. The skill does not handle or request credentials, API keys, or private data.
- [REMOTE_CODE_EXECUTION]: There is no code execution capability within the skill. While the documentation provides example Python code for users to utilize in their own environments (e.g., Vertex AI API), the skill itself does not execute these scripts or download remote payloads.
- [EXTERNAL_DOWNLOADS]: The skill contains several URL references to official Google documentation (ai.google.dev, cloud.google.com) and technology blogs (atlabs.ai, wavespeed.ai). These are provided for informational purposes as documentation sources and do not involve the download of executable content.
- [COMMAND_EXECUTION]: No shell command execution or dynamic context injection patterns were detected. The skill operates entirely within the text-processing domain.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests user input to generate prompts, it lacks the dangerous capabilities (like file writing or network requests) required to facilitate an exploit. The output is purely informational text for the user.
Audit Metadata