google-web-search
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill exhibits an indirect prompt injection surface by design as it fetches external web data. 1. Ingestion points: The prompt passed to the get_grounded_response function in scripts/example.py triggers a search that pulls untrusted content from the web into the model context. 2. Boundary markers: Absent; the user query is passed directly to the model without delimiters or instructions to ignore embedded commands in search results. 3. Capability inventory: The skill is limited to generating text responses; it has no file-write or shell-execution capabilities. 4. Sanitization: None; external web content is processed raw by the Gemini model.
- Credentials Handling (INFO): The skill follows best practices by retrieving the GEMINI_API_KEY from environment variables rather than hardcoding it.
Audit Metadata