Skills
skills/aia-11-hn-mib/mib-mockinterviewaibot/gemini-image-gen/Gen Agent Trust Hub

gemini-image-gen

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION] (SAFE): The skill presents an indirect prompt injection surface as it processes untrusted user input (text and images) to generate content. This risk is inherent to the tool's primary purpose. 1. Ingestion points: untrusted data enters via the contents parameter in generate_content (README.md, SKILL.md, api-reference.md). 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples. 3. Capability inventory: The skill is allowed to use Bash, Read, and Write tools as defined in SKILL.md. 4. Sanitization: No sanitization or validation of the input content is implemented in the code snippets.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill requires the google-genai Python package, which is an official library from a trusted source (Google).
  • [DATA_EXFILTRATION] (SAFE): The skill communicates with generativelanguage.googleapis.com, which is the official and necessary endpoint for the Gemini API. No suspicious network activity to non-whitelisted domains was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 01:10 AM