gemini-image
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Finding categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly directs the agent to read sensitive data from config/secrets.md to retrieve an API key.
- [COMMAND_EXECUTION] (HIGH): The skill uses a shell-based curl command to interact with an external service. This is a high-privilege operation that can be exploited if user input is not properly handled before it reaches the command.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Communication with a non-whitelisted domain (api.apicore.ai). Per [TRUST-SCOPE-RULE], this is a finding because the domain is not in the trusted organization list.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection.
  - Ingestion points: User-provided description text and image URLs (Step 2 in SKILL.md).
  - Boundary markers: Absent. There are no delimiters around the input variables and no instruction telling the model to ignore directives embedded in them.
  - Capability inventory: Network communication and shell execution via curl (Step 3 in SKILL.md).
  - Sanitization: Absent. User-controlled variables such as prompt_text and image_URL are embedded directly into the curl command string without escaping.
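The COMMAND_EXECUTION and PROMPT_INJECTION findings above describe one defect: prompt_text and image_URL are interpolated into a curl command string, so a crafted description is shell code, not data. The script below is an added example, not code from the audited skill or from Gen Agent Trust Hub. It reproduces that pattern offline with a stand-in curl, shows the breakout, and builds the same request so both values stay inert. The endpoint path, the JSON field names "prompt" and "image_url", and the APICORE_API_KEY environment variable are assumptions; the audit page does not show the skill's real request format.

```shell
#!/bin/sh
# Added example, not the audited SKILL.md's code. Reproduces the string-built
# curl command the audit flags and shows a request builder that keeps user
# input as data. Assumed (not on the audit page): endpoint path, JSON field
# names, and the APICORE_API_KEY environment variable.

API_URL="https://api.apicore.ai/v1/images"   # assumed path

# Stand-in for curl so the example runs offline: sends nothing, prints nothing.
curl() { return 0; }

# Vulnerable: the skill's pattern. The command is one string handed back to
# the shell, so a prompt such as   '; echo INJECTED; echo '   closes the -d
# quote and everything after it runs as commands.
unsafe_request() {
  cmd="curl -s -H 'Authorization: Bearer $APICORE_API_KEY' \
-d '{\"prompt\":\"$1\",\"image_url\":\"$2\"}' $API_URL"
  eval "$cmd"
}

# Minimal JSON string escaper: backslash, double quote, newline. Enough to
# make the point; in real code use jq -Rs '.' or a JSON library.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g' \
    | awk 'NR>1{printf "\\n"} {printf "%s", $0}'
}

# Body built from escaped values: quotes, semicolons and $ are inert here.
build_body() {
  printf '{"prompt":"%s","image_url":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Hardened: no eval, no string-built command. Each flag is its own argument,
# the body goes to curl over stdin, the key comes from the environment rather
# than from a secrets file the agent is told to read, and image_url must be
# an https:// URL (file://, data: and plain hosts are rejected).
safe_request() {
  : "${APICORE_API_KEY:?set APICORE_API_KEY in the environment}"
  case "$2" in
    https://*) ;;
    *) echo "rejected image_url: only https:// URLs are accepted" >&2; return 2 ;;
  esac
  build_body "$1" "$2" | curl -s \
    -H "Authorization: Bearer $APICORE_API_KEY" \
    -H 'Content-Type: application/json' \
    --data-binary @- "$API_URL"
}

# Demo: run as   sh example.sh demo   to see both behaviours side by side.
if [ "${1:-}" = "demo" ]; then
  APICORE_API_KEY=example-key
  payload="'; echo INJECTED; echo '"
  printf 'unsafe output: %s\n' "$(unsafe_request "$payload" https://example.com/a.png)"
  printf 'safe body:     %s\n' "$(build_body "$payload" https://example.com/a.png)"
fi
```

With the stand-in curl, the unsafe path prints INJECTED because the injected `echo` runs as a separate command; the safe path produces a single JSON document in which the same payload is just a string value. The https check narrows what image_URL can make curl fetch, but it does not address the EXTERNAL_DOWNLOADS finding itself, which is about whether api.apicore.ai belongs on the trusted list at all.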
Recommendations
- AI detected serious security threats
Audit Metadata