imagen
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill accepts user-supplied text prompts to generate visual content, which creates a potential surface for indirect prompt injection attacks. 1. Ingestion points: User-provided text prompts passed as command-line arguments to the scripts/generate_image.py script. 2. Boundary markers: No delimiters or boundary instructions are documented to distinguish between user input and system instructions. 3. Capability inventory: The skill utilizes Python script execution, local file system writes, and external API requests to Google Gemini. 4. Sanitization: There is no evidence of input sanitization or validation for the prompt data.
- [METADATA_POISONING]: The skill metadata refers to a non-existent model version 'gemini-3-pro-image-preview', which is misleading regarding the technical requirements and capabilities of the skill.
- [NO_CODE]: The primary functional component 'scripts/generate_image.py' referenced in the usage section is not provided in the skill package.
Audit Metadata