gemini-3-multimodal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the processing of external media files.
- Ingestion points: Untrusted data enters the agent context via the media file paths provided to
scripts/analyze-image.py,scripts/process-audio.py,scripts/process-pdf.py, andscripts/process-video.py. - Boundary markers: The prompts used in the model calls do not employ delimiters (like XML tags or clear separators) to isolate the user instructions from potential malicious text or instructions embedded within the images, documents, or audio files.
- Capability inventory: The scripts possess the capability to read from the local filesystem, transmit data to a trusted external API (Google), and write analysis results to local files via the
--outputparameter. - Sanitization: There is no evidence of sanitization or filtering of the content extracted from media files before it is processed by the generative model.
Audit Metadata