gemini-imagen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): Network requests are restricted to the official Google Gemini API endpoint (generativelanguage.googleapis.com), which is a trusted source.
- [CREDENTIALS_UNSAFE] (SAFE): The skill provides clear instructions for handling API keys via environment variables or CLI flags and contains no hardcoded credentials.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted user text into prompts for the image generation model. This creates a surface for indirect prompt injection, though the impact is limited to the model's generated output and is mitigated by the provider's safety filters.