gemini-vision
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill has a surface for indirect prompt injection as it processes external image files and content from URLs.
  - Ingestion points: scripts/analyze-image.py accepts local file paths and remote URLs for processing.
  - Boundary markers: The provided documentation does not specify if the agent uses delimiters or explicit 'ignore embedded instructions' prompts when passing data to the API.
  - Capability inventory: The skill uses Python scripts to perform filesystem reads and network requests to generativelanguage.googleapis.com.
  - Sanitization: The documentation mentions basic format validation (MIME types, size limits) but does not detail sanitization of the content itself.
- [Data Exposure & Exfiltration] (SAFE): The skill implements a standard 3-step lookup for GEMINI_API_KEY. While it searches for .env files in multiple directories (including .claude/), this is a common configuration pattern. The documentation appropriately warns users to add these files to .gitignore to prevent accidental credential leakage.
- [External Downloads] (SAFE): The installation instructions recommend pip install google-genai. Because google-genai is the official SDK provided by a trusted organization (Google), this finding is downgraded to SAFE/INFO per the [TRUST-SCOPE-RULE].
- [No Code Provided] (SAFE): The primary logic for this skill is described as residing in scripts within the scripts/ directory (analyze-image.py, upload-file.py, etc.). However, these script files were not provided for analysis. The evaluation is based on the provided markdown and configuration templates which are benign.