paper-illustration

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION CREDENTIALS_UNSAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to generativelanguage.googleapis.com to access Google's generative AI models. This endpoint is a well-known service for AI functionality, and the requests are essential for the skill's purpose of image generation and layout planning.
  • [COMMAND_EXECUTION]: The workflow is orchestrated using Bash and Python. These scripts handle directory creation, API communication via curl, and processing of JSON data. These activities are performed locally and are restricted to the skill's defined output directories.
  • [CREDENTIALS_UNSAFE]: Use of the GEMINI_API_KEY is handled via an environment variable. The skill includes logic to verify the key's existence before making authenticated requests to the official Google API. There are no instances of the key being hardcoded or shared with untrusted entities.
  • [DATA_EXFILTRATION]: Network activity is exclusively directed to official Google endpoints. Data processed by the skill, such as user prompts and generated images, remains within the user's environment or is sent to the trusted API for processing.
  • [PROMPT_INJECTION]: The skill processes user-provided figure descriptions (Ingestion point: user request argument) and interpolates them into templates. Boundary markers are implemented using structured markdown headers within the prompt. The capability inventory includes file system access and Google API requests. Sanitization is performed using Python's json.dump to ensure inputs are safely escaped before transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 08:09 AM