gemini-image-skill
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from documents and slides to generate image descriptions, creating a surface for indirect prompt injection.
  - Ingestion points: As described in Phase 1 of SKILL.md, the agent reads and extracts concepts from target documents.
  - Boundary markers: The skill lacks delimiters or instructions to ignore malicious content within the ingested documents.
  - Capability inventory: The system can perform network requests to the Gemini API and write files to the local disk.
  - Sanitization: Extracted data is not validated or sanitized before being included in the model prompts.
- [COMMAND_EXECUTION]: The skill uses shell command templates that include placeholders for user-controlled descriptions. If the agent does not properly escape these inputs, the result could be argument injection when the generation script is run.
- [EXTERNAL_DOWNLOADS]: The skill specifies dependencies on google-genai and Pillow, which are standard and legitimate libraries from official sources.
Audit Metadata